General

  • Target

    catalog-2053425544.zip

  • Size

    50KB

  • Sample

    210513-hffyagyv3a

  • MD5

    a157eeebfb226d2072af02dd0985b744

  • SHA1

    854d2358cc079d105e0b8a858bc5207a5ceb99d5

  • SHA256

    93cbac8660d1d5fbf3035e133ac58444d259d7ffd82924d07a625b9a0fc2588f

  • SHA512

    2ff1d930e1e46ddf18b5c451bc06a623341e1f66b6bfd16f62581fb0ac33675fa13c596170db62a34a3fc9ab22f1138c67e96decfadc29ace1269748ecd56138

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

  • URLs (family: URL)

    xlm40.dropper: https://smartpalakatva.com/edQsUZOLlE/th.html

    xlm40.dropper: https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-2053425544.xls

    • Size

      367KB

    • MD5

      a58070871aa8faa0b298d9ac99a9c7e3

    • SHA1

      fc4dd9556d02fe6df6a441ff22c8e9011ae640ff

    • SHA256

      971e709a346a79f43ba5956835cd685542eba41ba8adaa0171e36b2f73c6b0d5

    • SHA512

      9e7a7dcc2b3b0bc7ad121b23bc2a760863caa8e3dad9413e7cfc0f615250961c1d22a838ea27b34e5b5c5184b83de006c9c76d5633ccbd7149810ece7574fc71

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
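The signature above is a parent/child heuristic: an Office host such as Excel rarely launches anything beyond a few helper binaries, so a macro (here the extracted Excel 4.0 / XLM dropper) that stages its next step through a script interpreter or LOLBin stands out in process-creation telemetry. The following Python is an added example of that detection logic, not Triage's own signature code. The event records are constructed to resemble Sysmon Event ID 1 fields, and the allowlist of benign Office children and the high-risk child list are assumptions chosen for illustration; the command lines are invented and do not come from this sample's run.

```python
"""Flag an Office parent spawning an unexpected child process.

Added example, not the sandbox's own detection code. Event fields mimic
Sysmon Event ID 1 (ParentImage, Image, CommandLine); all sample events
below are constructed for illustration.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Office hosts whose children we scrutinise.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Children Office launches legitimately (print spooler proxy, crash reporters).
# Assumed allowlist; tune it against your own baseline.
EXPECTED_CHILDREN = {"splwow64.exe", "werfault.exe", "dw20.exe"}

# Interpreters and LOLBins a macro dropper commonly uses to run a downloaded payload.
HIGH_RISK_CHILDREN = {
    "cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe",
}


@dataclass(frozen=True)
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str


def basename(image_path: str) -> str:
    """Lower-cased file name of a Windows image path, e.g. 'excel.exe'."""
    return PureWindowsPath(image_path).name.lower()


def classify(event: ProcessEvent):
    """Return an alert dict if an Office parent spawned an unexpected child, else None."""
    parent = basename(event.parent_image)
    child = basename(event.image)
    if parent not in OFFICE_PARENTS:
        return None                      # not an Office host, out of scope
    if child in EXPECTED_CHILDREN:
        return None                      # known-benign helper process
    severity = "high" if child in HIGH_RISK_CHILDREN else "medium"
    return {
        "parent": parent,
        "child": child,
        "severity": severity,
        "command_line": event.command_line,
    }


def find_unexpected_children(events):
    """Run the heuristic over a stream of process-creation events."""
    return [alert for alert in (classify(e) for e in events) if alert is not None]


# Constructed sample events (not from the sandbox run of this sample).
EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
SAMPLE_EVENTS = [
    # User opens the spreadsheet from Explorer: Excel is the child here, not the parent.
    ProcessEvent(r"C:\Windows\explorer.exe", EXCEL,
                 r'"EXCEL.EXE" "C:\Users\user\Downloads\catalog-2053425544.xls"'),
    # Benign: Excel starts the 32/64-bit print spooler proxy.
    ProcessEvent(EXCEL, r"C:\Windows\splwow64.exe", "splwow64.exe 12288"),
    # Suspicious: Excel registers a DLL through regsvr32 (invented command line).
    ProcessEvent(EXCEL, r"C:\Windows\System32\regsvr32.exe",
                 r"regsvr32 -s C:\Users\Public\stage.dll"),
    # Unusual but lower-confidence: Excel opens a browser (e.g. a clicked hyperlink).
    ProcessEvent(EXCEL, r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
                 "msedge.exe https://example.invalid/"),
]

if __name__ == "__main__":
    for alert in find_unexpected_children(SAMPLE_EVENTS):
        print(f"[{alert['severity']}] {alert['parent']} -> {alert['child']}: {alert['command_line']}")
```

Two design points: matching on the image basename rather than the full path keeps the rule stable across Office install locations, and the allowlist is checked before the high-risk list so a spoofed name under an expected basename still requires a path-aware rule elsewhere.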

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                      Count  ID

  Defense Evasion  Modify Registry                1      T1112

  Discovery        Query Registry                 2      T1012

  Discovery        System Information Discovery   2      T1082
