11a9dda5ef6f101924c49ecde5c9a00c5c776fb71701eda53dbc83499920eb8c | Triage

Sharing

General

Target

catalog-1911367047.zip
Size

50KB
Sample

210513-j6fm3alhzj
MD5

06ac491c33768e0fc4a205e5d9e137ce
SHA1

ea5e23b66e89996fd0865bcb433a7cb90870ec5c
SHA256

11a9dda5ef6f101924c49ecde5c9a00c5c776fb71701eda53dbc83499920eb8c
SHA512

729ace2b9bcb756ea459bd1305a1faefec21689732c69b522be1feeca23cc29a99feaf5033ad6ce477d9f0296941d955a6077ea340d8a4c41c417d1722afb891

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-1911367047.xls
- Size
  
  367KB
- MD5
  
  3f61d6426515d7ac0ba8fdfb90ef78c2
- SHA1
  
  0c5c7265ad011416289b1d6a95c9581cab58033b
- SHA256
  
  5a4108e08f3a796a4e622fa488550b79139d45a80a6949449fc516713dbb728d
- SHA512
  
  b4409c6dde61d8d83803ae023ef8eed2f894ead6b30c54548e6b04b686f5b2e69bf440e4cd199c7eda69d8f324725013eb47387a9756a9f863cce0abbfdeef09
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2