ab6d039ca151b2fb61dd458284ecaee5230ae39f1932d398ae2610a8ef333a27 | Triage

Sharing

General

Target

catalog-1997266566.zip
Size

50KB
Sample

210513-lpe7x8wbae
MD5

3dc7536d6a3c3abc7aa4c1f5f9ff88b5
SHA1

559d42e03658790a37d0f36028329d0e05453505
SHA256

ab6d039ca151b2fb61dd458284ecaee5230ae39f1932d398ae2610a8ef333a27
SHA512

6e91078f1227bd40d7f44a199530d598bd039a51755a644ee81d46410829e037a680b1f99161fc8c3b272b0e855ad61571ec34c783147b14a7fc28fe39ebdb03

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-1997266566.xls
- Size
  
  367KB
- MD5
  
  8e03e6294a7d1e52e03a59d832b3deb2
- SHA1
  
  2cc1e1a0d0e6469cf32052b8126bba5d303abf51
- SHA256
  
  2e39fa64a512c09374036965a91f1849967e499f8a390901e4ceb7a9484f2305
- SHA512
  
  7285fade26bf02b3a07a9e6abb64ace9ba4eba4ecbde55594609f681309f8111787b0ca881282cb4baab79b64b42ca59d024d80136e04e4d92dc9f8b33665b5b
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2