General

  • Target

    catalog-2091407526.zip

  • Size

    50KB

  • Sample

    210513-mk393hxdjx

  • MD5

    1240f838856f167a73a8b18215b214a7

  • SHA1

    e222fcec9e0bae87f1126848dfc76a399ae14313

  • SHA256

    4411ac4c584ba7ae7a469bc5cadf1746edb4ae91f27e0acc74a6f887ce86ac07

  • SHA512

    733b5fcce4f39a529abdf3aebb7e0de6d707d9f445c6f962c772ccf16e1d0445a0abb685186c9c38e08545c6d4eedcd51aa447bd8b777bbf5e7ebcef023839dd

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0 (Excel 4.0 / XLM macro)

  • Source

    URLs

    xlm40.dropper: https://smartpalakatva.com/edQsUZOLlE/th.html

    xlm40.dropper: https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-2091407526.xls

    • Size

      367KB

    • MD5

      0d0cc35f2f5ee1794b284838091f27e1

    • SHA1

      0ebede778db7249c505e2054005d52b5e7218c48

    • SHA256

      fd52b4c9c4a9dfe0194c478ca61b21c047653fe25712f0bf66529af81becfbdd

    • SHA512

      1107cd83e49024516819f0812c9c5e4d87a14b51fd0029c80878b38b43a26d994b8d537171dbcda84760c118f2d3fc77e98b3fad489bf7bf6254785ca0b0a9d1

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro. Since an XLM 4.0 (Excel 4.0 macro) dropper config was extracted from this .xls, the macro is the likely trigger here rather than an exploit.
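The signature above is a process-lineage check: an Office application spawning a child it has no business spawning. The following Python is an added example (not part of the sandbox report) that applies that check to constructed Sysmon-style process-creation records; the Office parent list, the suspicious-child list and the allow list are assumptions to tune for your own estate.

```python
"""Flag Office parents spawning unexpected children in process-creation telemetry.

Added example, not part of the sandbox report. Field names mimic Sysmon
Event ID 1 (ParentImage / Image / CommandLine); the records below are
constructed, not captured from the sample's execution.
"""
from dataclasses import dataclass

# Office applications that should not normally spawn interpreters or LOLBins.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Children whose appearance under an Office parent usually means a macro
# or exploit is running. Any other non-allow-listed child is also reported,
# but these are tagged high severity. (Assumed list; tune per environment.)
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "regsvr32.exe", "rundll32.exe", "certutil.exe", "msiexec.exe",
}

# Children Office legitimately spawns (assumed list; print spooler proxy and
# Office error reporting). Tune for your estate before deploying.
ALLOWED_CHILDREN = {"splwow64.exe", "dw20.exe", "dwwin.exe"}


@dataclass(frozen=True)
class Finding:
    parent: str
    child: str
    severity: str
    command_line: str


def _basename(path: str) -> str:
    """Lower-cased file name from a Windows (or forward-slash) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_unexpected_children(events):
    """Return a Finding for every event whose parent is an Office app and whose
    child is not on the allow list. Events are dicts with ParentImage, Image
    and optionally CommandLine keys."""
    findings = []
    for ev in events:
        parent = _basename(ev["ParentImage"])
        child = _basename(ev["Image"])
        if parent not in OFFICE_PARENTS or child in ALLOWED_CHILDREN:
            continue
        severity = "high" if child in SUSPICIOUS_CHILDREN else "medium"
        findings.append(Finding(parent, child, severity, ev.get("CommandLine", "")))
    return findings


# Constructed sample events (not real telemetry from the sample).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32 /s C:\Users\Public\a.dll"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": "splwow64.exe 12288"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c dir"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Users\bob\AppData\Local\Temp\updater.exe",
     "CommandLine": "updater.exe"},
]

if __name__ == "__main__":
    for f in find_unexpected_children(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.parent} -> {f.child}: {f.command_line}")
```

Anything not on the allow list is reported rather than only the known-bad binaries, because a macro dropper's final payload is usually a freshly written executable with an arbitrary name, as the constructed fourth record shows; the allow list is what keeps the rule quiet on real workstations, so build it from your own baseline rather than copying the one above.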

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    T1112 Modify Registry (1)

  • Discovery

    T1012 Query Registry (2)

    T1082 System Information Discovery (2)

Tasks