General

  • Target

    catalog-216235674.zip

  • Size

    50KB

  • Sample

    210513-mts7dpaz1s

  • MD5

    cab90cd2abce0dd673ddd44d7232b936

  • SHA1

    8ecd301c38ffd452a4ec020d369677e75308d5e8

  • SHA256

    5fa3dd7b3ce99c0871bb5d8ca71d9913c9d357632f4a4350846c91159574ccbf

  • SHA512

    b15218b8dce70261de3cef251a1979ca6a42c69eb75976b31ab7ae1b580b9bc7af1afff83b3349703a301fa8546a108579b639ea6f0a94fbafafe24af8e9e40c

Score
10/10

Malware Config

  • Extracted

    Language: xlm4.0

    Source URLs:

      • xlm40.dropper: https://smartpalakatva.com/edQsUZOLlE/th.html

      • xlm40.dropper: https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-216235674.xls

    • Size

      367KB

    • MD5

      6bded2a6b0a1b9ec13b5f8180f6b12fb

    • SHA1

      02420d9db0fa0c06a3b330ed828d42a2bfd7a147

    • SHA256

      3d346e6c15d0d025ec9fc4b3857625fef81f24e6b924baff7c5372d0eb378112

    • SHA512

      58c50e9bb4efc69ffdbe6198eb7747ff6c2358c100f97ce4e3e2bc89660459fde30de03851a69e36a2b781a02ca62c168c2799b01efae85859230d93c7932bd0

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    T1112 Modify Registry (1)

  • Discovery

    T1012 Query Registry (2)

    T1082 System Information Discovery (2)

Tasks