aa960c7456fb4f3ab04a5c4bbb700f4275d4da9f2a4a7e47461762d20d3df64e | Triage

Sharing

General

Target

catalog-2126809506.zip
Size

50KB
Sample

210513-hks4fs1gxn
MD5

3cf38febf15cfb7509c4e736bc1a69e1
SHA1

986d38966415f15ae3d888330ecfdfff87e6c098
SHA256

aa960c7456fb4f3ab04a5c4bbb700f4275d4da9f2a4a7e47461762d20d3df64e
SHA512

f18c0b640f1c6b24216225da057e61a7afcdf63dbd5c9c0210d4bd0ee435fe06f425829c107acdd02e354c0e9f21a2776c9a639669b0d38e6333e2f1337df519

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-2126809506.xls
- Size
  
  367KB
- MD5
  
  396ab95aa59bc4ffb902be33b907ad71
- SHA1
  
  8f5b7c9ba6cc318d9b5a80e2086d3647de06f5ba
- SHA256
  
  f5c0cd884f0ff921534c2fa1929c5458860ee75b1bee4f5377e2771e2d559fa4
- SHA512
  
  e97ffdad35cf03910e043cd887145252bfea5e2297f68d41e6d04e69fe68bdaee21f2383888b675baeffa21983b1ace3f0f7f0d3386daea80f1bdf256c6d42a4
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2