General

  • Target

    catalog-286182570.zip

  • Size

    50KB

  • Sample

    210513-lyhh1pjyrn

  • MD5

    d7e366eb3a5ce61f025600b839dd02a8

  • SHA1

    dd7b04ee616a95c65d55ee45c4ccdef47989b598

  • SHA256

    dc9cd146ea34015db3d53ec5226fc2abffb9af84d08d0d17b7194a09246b1d21

  • SHA512

    0edf8bf83c47b08c7705b3fa310e484986263c1ba35570097202fa8536ab0572428e8f0e463003f06260caa57101c79b447ea8af268d45cc3031f53d2b73af3b

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-286182570.xls

    • Size

      367KB

    • MD5

      1f1c8c9b9cb803c5e981b4b3b72d0a6b

    • SHA1

      6700de6449e0f2a29f5e75927c1eaf30c1082903

    • SHA256

      d07cd5fe8ad399a4c3c7464d9b58c8bc1542cddd08c42d9f580bae86f45ba5b8

    • SHA512

      061179f6cd73fbed671e8fa9259155038418207c2940f47fdc4ccb6616b594bb2a7b4bce7fb54a82552b466ed07382bf74ab41de24809d5717700299127fc3bd

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
