General

  • Target: catalog-2073106428.zip
  • Size: 50KB
  • Sample: 210513-h88kh76dga
  • MD5: a009d4d421446debc15415074a57bcd4
  • SHA1: 4b687178ae21a556b2d22e0128538987930c7ede
  • SHA256: c1f64b4f084b37a231990814c431e7d4eaad3e2cceb5a38d62f4f9f79bcd9ffe
  • SHA512: bedbed5327d2c3d18782a0f08212d59be1485bfdea9b8d9d9a70ac1f9e2e6de9d7e23850393b4afecfa230797a1f6d4d9be927b2ad8ea28afef5e48f64fbca29

Score: 10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source: xlm40.dropper
    URL: https://smartpalakatva.com/edQsUZOLlE/th.html
  • Source: xlm40.dropper
    URL: https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target: catalog-2073106428.xls
    • Size: 367KB
    • MD5: 5bef2a4476c22f91d4b77802cbbd66dc
    • SHA1: abee3e6b5e3a1b8c0d120387a11880f7863077c9
    • SHA256: 5aa78f2233eedc785ad90718ab50f74f23e893ff3523137b6bde7fea883280e1
    • SHA512: 439612d297e1c7f0fb56c43e80c3d260f316fa17b3d9fbd8cf3c09f5a2330d450208935747be6d814345db47c1c752769e182db2172d08e988fc13ca94ddf81c

    Score: 10/10

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion
  • Modify Registry (T1112): 1

Discovery
  • Query Registry (T1012): 2
  • System Information Discovery (T1082): 2

Tasks