Overview

overview

10

Static

static

catalog-20...95.xls

windows7_x64

10

catalog-20...95.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    catalog-2013516395.zip

  • Size

    50KB

  • Sample

    210513-msmem1tehe

  • MD5

    c457758b11ca1cdc09cebe9391554704

  • SHA1

    6606e336f5739e83608bf086eaa0015730d95743

  • SHA256

    60d9c70f1bb1c1f428bb6fb14a86ed07fbcb6d228d4628a1eb600c9236d93760

  • SHA512

    2239f026f19a75566b374b7a559792419c98e6df1b40e075cf1338795bf6610e9a1c896cfa4962b31524a3fe50b5d7c439411ad2dacb60a04c70f8f2b67cbcd8

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html
xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-2013516395.xls

    • Size

      367KB

    • MD5

      10fa72ec3f271607f50229436be4aff0

    • SHA1

      f11dd7f03f0558bd8e94116c44c1407400b583e9

    • SHA256

      4245ed2a0f5e4f3f8a5f5c6bd0ddea695c3fa2830be20d30627460564b3ed0f2

    • SHA512

      e6bf973cb7bf245fb641bd458f0aa286efb3888d9b847e255d53e96bd4438179bc1915561b2f7842f3ea3351550b056af65217c47843e077c9c76621686b0955

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks