a9dbf7b6e18c909880ffb9776eee944cd35745933c22267580e779cae371ead5 | Triage

Sharing

General

Target

catalog-249397.zip
Size

50KB
Sample

210513-jestr8a3ve
MD5

f5512ea02bff5e45e5859f92631c2455
SHA1

832d442fedf73d83e29ca3dbcd275bf2030a179c
SHA256

a9dbf7b6e18c909880ffb9776eee944cd35745933c22267580e779cae371ead5
SHA512

b072f9eeb57a8ffb665711a51359c9b40692ba59c3b88c6d0428f7b50b7519f8bda29cd8f4241eeeb5c8189ed22f406a0e97c8d9f7badbeceb7e1af2806f0c55

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-249397.xls
- Size
  
  367KB
- MD5
  
  b3905a4e83c1bead87d497b30c37617c
- SHA1
  
  ac63f819f6dfee2b1d5c9e6c83f4068f3467e380
- SHA256
  
  612372ef00effc54e2b9a975704ae923ba9161fef0fcc94f4b4018275b9f434d
- SHA512
  
  b9f9b6e36c3f6559e1884097764db5110bf0b35abdbee1bf49075b7a92d81a5e0bd517b0398f1d051073b74f48c63f9a8c7e5400715144d8f97f2bc4832dfaa0
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2