General

  • Target

    catalog-1951952698.zip

  • Size

    50KB

  • Sample

    210513-n1cgyyq6r6

  • MD5

    bcca3ae27b289254a3ae15170a2eec47

  • SHA1

    3d27eca9329e40fc8d66b3cca551d8c87153373c

  • SHA256

    dd5882435ec99aa9b269d1edc694987f9647774a4eed5fd688b2be7bb5dda44c

  • SHA512

    ba55d290a3463ca54385f72e5b8df0a2b209e8aa83c7953aea33d5d41ab7f1512a6bc8c409c9b0f092ad9d65ca85f68738ae102057c62edb819ece17635afc15

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

  • URLs

    xlm40.dropper: https://smartpalakatva.com/edQsUZOLlE/th.html

    xlm40.dropper: https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-1951952698.xls

    • Size

      367KB

    • MD5

      8ecc01131dd65a9798f9c23e64f50a67

    • SHA1

      9925b3b1bd7d23accd232e4f607d73e9cb0e502a

    • SHA256

      318ad4ba3470f11966f91e5d38fa22ff1dff1a78102fb3c1d5a059cf68e69bf5

    • SHA512

      00794868a2756f55c9c6b6ded3bfe8a88b9c9c6b8ad3dd9d59a2682463f014ae371e39e36eb589c34fcb572f104a2d9d9ca4cd298296fb780cf46c4592627de5

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
