b0ff15db4050171aeba103ce1e062aa036af3da1005ba2874ae968f05a9e3cd0 | Triage

Sharing

General

Target

catalog-2106884024.zip
Size

50KB
Sample

210513-jqrpkcmlnn
MD5

cb6d0ab59f595013f90988fbe74aec60
SHA1

6cb67dc7350daa48c7d99c7987181f9bd2028fa7
SHA256

b0ff15db4050171aeba103ce1e062aa036af3da1005ba2874ae968f05a9e3cd0
SHA512

dfabc853a2402969cd883ec9d681e18940be8d01391ccc9df907484fc544238193185156325f412e57d555d8cac3c7ee0f92335cd270084daa04de398f64c44c

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-2106884024.xls
- Size
  
  367KB
- MD5
  
  709c66ed686fb25a8f4bee76ec6f8a1a
- SHA1
  
  73920117cbd26cf3a5854d31a401a8843eaf8b78
- SHA256
  
  e8c554d96d79173f534a147c98a54a329eb7228b110b5dcae33cfc7ce02fd16e
- SHA512
  
  560376c50f62d585eac050610bba78c546c0fe625f6bdda253fc4fdb29adad277a78ecbc2104384ac71ec185ec0935dcb63d1651c4fef320df3a1a02f011d822
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2