e5ba5da052f9d1d94f512bb2e68b6f73e6eba72182d563ecafe251a9b66b2b25 | Triage

Sharing

General

Target

catalog-246484755.zip
Size

50KB
Sample

210513-jahs4fysp6
MD5

5aaf7eabcc73aae53c448809049efae3
SHA1

4b2f18bcd472b6eb762b9ad252f39855bf061e0b
SHA256

e5ba5da052f9d1d94f512bb2e68b6f73e6eba72182d563ecafe251a9b66b2b25
SHA512

974a4116edcee61cda7fe9f86bed0313fd807f6ddaed27a68ac7a200f14e04b2f9b5311fa4fa089267b237bd39f22ca63c15c72f990ab5317d4718cbf23a587d

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-246484755.xls
- Size
  
  367KB
- MD5
  
  4202510d10185f6f3b811f261a365870
- SHA1
  
  c5142a69e1903cd1e6d797e171fb6f080062c8d2
- SHA256
  
  c23077ac89e3ead5440e855f4c430bb3efe97d6dc4674e4ae961f7eb32221011
- SHA512
  
  20454e1fda2f34d876cdf9312e4f5f0bb9a7a2896553d54aa50712421dbaa3c8313b1637afa035c5d7f63419de09baed4c2c8e115d6a911af5c71294a031a119
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2