d17c80ce98ebb5a38515037bd46139d266e4401e1e25397f73ad45f189f71ab9 | Triage

Sharing

General

Target

catalog-274364496.zip
Size

50KB
Sample

210513-hnet588swx
MD5

53c860bf2562786a8bb19f98d675e58d
SHA1

1f9e21df3449d852177357d16e0959c64363c46e
SHA256

d17c80ce98ebb5a38515037bd46139d266e4401e1e25397f73ad45f189f71ab9
SHA512

960aa32f2894194c2d2cd9be7a61b946747c8724ba837b967437b668119cdd08e160fef0c6096b742f0dd094463e77fb02e88c19a9a650a4708fddca3e9a5c11

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-274364496.xls
- Size
  
  367KB
- MD5
  
  f0f92443dacd00b77a37bdb99a1dd2e1
- SHA1
  
  2b70762d907e2a0a8bcb0bbac2a9a8984efa85b6
- SHA256
  
  89df69810b92821f2f69889b6d41f00946d5f26535d5e7508ecdea1048652828
- SHA512
  
  ec19837d49f741dc0edfb2743bd6c153ecd6a0239562c985c42b1d6d8f82812026c0b6a5bc931a8bbf1de82063f14e98a70e91334ecc6c1f94158c91f5b7ccdc
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2