General

  • Target: catalog-2092391987.zip
  • Size: 50KB
  • Sample: 210513-n6tkzndlh2
  • MD5: 08253b5e16d587e6b009e00ba927d589
  • SHA1: 4bdfed40eb6030272592407a8d99fa6a30e170ef
  • SHA256: cb803db868c5c9ca9afb6beabace8d8d56b8aaea584f6d7abe880c649b89cca5
  • SHA512: a53b90fa7b1b83e3f4aa22075c86faf2602590a510600caa17475a849400cd1424ad96e257fca0a6f393f10369bc2c9d1c2a8f2bc30b011a2ef292e48fab960f

Score
10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source: xlm40.dropper
  • URLs:
    • https://smartpalakatva.com/edQsUZOLlE/th.html
    • https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target: catalog-2092391987.xls
    • Size: 367KB
    • MD5: bfba956a0060db4b1652555e49f4d4dd
    • SHA1: 04136e538857dd4f6b51e34e4832ee74a35b145c
    • SHA256: 27aee427afe05cfcda720658b55944a935bedb3023f8ab3e214d5e32a01b737b
    • SHA512: 2176fc7a1f709cc9f20da2d76d813428ee222c2f4665a287a550872c992d1272800ae644b7cb30c22781dfcba4d7f7faa4c194e22201103e975ecb3518f2b285

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion
    • Modify Registry (T1112): 1
  • Discovery
    • Query Registry (T1012): 2
    • System Information Discovery (T1082): 2

Tasks