a138c7938e093fdea439fc17ca28f78d1fa6ca217c971773c3f25a94992cb010 | Triage

Sharing

General

Target

catalog-236752457.zip
Size

50KB
Sample

210513-mcrmc5xah2
MD5

54ef75dc45e951050276ad66f5fd1415
SHA1

b6f8c4c7a55193f26ab8ed9739657ab726ed8721
SHA256

a138c7938e093fdea439fc17ca28f78d1fa6ca217c971773c3f25a94992cb010
SHA512

eb880ef543a05d93d15a90a2545307ba1bcf527a1a1c873b14e99c61c06be4fdb334bea25ac3190f4fe6de8f8b2a3d63c834dddcf96ac356c68ae7149d929285

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-236752457.xls
- Size
  
  367KB
- MD5
  
  4f8bff7047f1dc6470deda5dc56eaa38
- SHA1
  
  ea318203289936b2facec1957f662baa50d6d5e4
- SHA256
  
  501d71d94f7dd2de7abecdb76990f964a12c56795c3b4bf592a289fb55bac8b4
- SHA512
  
  904c5622c8f8172ef28fe90321e7aae88f6050938ba85518023620a344fcaede45afa920c1336efc668dd5c09eb822ce400b86fec69b17bcd32538193e98bd87
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2