General

  • Target

    catalog-253019122.zip

  • Size

    50KB

  • Sample

    210513-mhmjlspxlj

  • MD5

    f532c4a0e3825cbeb416403a32cfddf3

  • SHA1

    635860ecfcaba6ef3e4576060d78a198de99092e

  • SHA256

    921e6e37c31b1273b88e4b60d148d90a674c1ea58150e0120ebd62a832d82724

  • SHA512

    01d1d78e0e48316a993c8673acf99a4f36c92f8a5ff8c5471ffef0bf178a80b3be22f78c364c8abc3fc007b1063824dbdf5c9137a6eadd30b68f00f9dfd0648d

  • Score

    10/10

Malware Config

  • Extracted

    Language: xlm4.0

  • Source URLs

    xlm40.dropper: https://smartpalakatva.com/edQsUZOLlE/th.html

    xlm40.dropper: https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-253019122.xls

    • Size

      367KB

    • MD5

      cca3648fcc56dbe873ee8bf7e4138e38

    • SHA1

      774f86b2c86969876f818468c0161806433952cf

    • SHA256

      355a3ea3bd8c056d7a870b706b7e3fd5472672e2bfa53e9967bb606ffb283f6c

    • SHA512

      fb7f6e71df53df4a2fe6a77ecb14ca8811017f4fa8adeb3fa14adc09d0ff4989a23f5343f7f4630b77e6c87db585dd7e5412ca1973ace897c49078bd67282897

    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2
