b0ff15db4050171aeba103ce1e062aa036af3da1005ba2874ae968f05a9e3cd0 | Triage

Sharing

General

Target

catalog-2106884024.zip
Size

50KB
Sample

210513-jqrpkcmlnn
MD5

cb6d0ab59f595013f90988fbe74aec60
SHA1

6cb67dc7350daa48c7d99c7987181f9bd2028fa7
SHA256

b0ff15db4050171aeba103ce1e062aa036af3da1005ba2874ae968f05a9e3cd0
SHA512

dfabc853a2402969cd883ec9d681e18940be8d01391ccc9df907484fc544238193185156325f412e57d555d8cac3c7ee0f92335cd270084daa04de398f64c44c

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-2106884024.xls
- Size
  
  367KB
- MD5
  
  709c66ed686fb25a8f4bee76ec6f8a1a
- SHA1
  
  73920117cbd26cf3a5854d31a401a8843eaf8b78
- SHA256
  
  e8c554d96d79173f534a147c98a54a329eb7228b110b5dcae33cfc7ce02fd16e
- SHA512
  
  560376c50f62d585eac050610bba78c546c0fe625f6bdda253fc4fdb29adad277a78ecbc2104384ac71ec185ec0935dcb63d1651c4fef320df3a1a02f011d822
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2