08dd21cb64a79ac802a2db86eb92e3e8a1e36b24aba8585174f5b43eaf108429 | Triage

Sharing

General

Target

catalog-1892844522.zip
Size

50KB
Sample

210513-jqpleagwra
MD5

113915686b94a3ebf0024da8319a1c4e
SHA1

9a7855f6fe84e9a739cfa03108fc02a15bc65e38
SHA256

08dd21cb64a79ac802a2db86eb92e3e8a1e36b24aba8585174f5b43eaf108429
SHA512

c742b2595e1e8b02de1f485b4ddef498342d44bb9a08a5ea6616448bf4abb020ca85f699c27493bf313cc7498a3c16678a6ac4feeda7250c75b4eebcb298812a

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-1892844522.xls
- Size
  
  367KB
- MD5
  
  33324c321cafaed943310d05684386a4
- SHA1
  
  fdb97d4ff2bebc22c506a4306ef7aad9d979852d
- SHA256
  
  0565c200350bc8c09dc6c9d4a24a46434a89a5820eecaa11cb4ec0da24e5f53a
- SHA512
  
  0bab9bf1c80d220b26a70fbf3ee4b58b36a9f57d611c01f978a2fa29684a9513f115107b4f7108bd13ed733bcf1cb0cd6a7f87408d1512b24bb3b9db10bf83a8
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2