General

  • Target

    catalog-2043858833.zip

  • Size

    50KB

  • Sample

    210513-ngjevflrrx

  • MD5

    7ddf3f90107379b2083e9ebd1a66361c

  • SHA1

    482b59ce53dffa4f95a35ee68f1967618817e87e

  • SHA256

    00694c9ffa8ae592d4c72f3312591a32db50c897edc7ce9a98e13b75756586a3

  • SHA512

    3b8b45817f2263dd85f0b81bf118cc20d3bd44b41785ec411b6a76b0f235325aa4de0c634ccccd5a8b57ac4d2c907bc0f6a7f427694a0987b95fc6d75a910fc2

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source / URLs

    xlm40.dropper  https://smartpalakatva.com/edQsUZOLlE/th.html
    xlm40.dropper  https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-2043858833.xls

    • Size

      367KB

    • MD5

      ae337c088028668f0e2bff8cd4720611

    • SHA1

      294e9a17d11705de3f7b6302b70326f4e6e6fa00

    • SHA256

      3a2de618fccfc9d477a964e00221a4f05ef00097060928f42de14e6ae2a2f1d3

    • SHA512

      adafd08029699da6f5d996b92a9830612c546c5045e331dcfd37267031f52d9837bb7f3ff1a13d0581ba8e279aaa71aafdfde0cc332a6e89c46cf9ec64733aab

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
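As an added example, not part of the sandbox report, the detection logic behind that signature written in Python and run over constructed Sysmon-style process-creation events. The Office parent list, the benign-child and LOLBin allowlists, and every sample event below are assumptions made for illustration; the report does not state which child process this sample spawned.

```python
"""Detect an Office process spawning a child it has no business spawning.

Added example, not part of the sandbox report. Lists and events are assumptions.
"""
from dataclasses import dataclass
import ntpath

# Parents that should only ever render documents (assumed set; extend as needed).
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Children Office legitimately spawns (assumed baseline; tune per environment).
BENIGN_CHILDREN = {"splwow64.exe", "werfault.exe", "dw20.exe", "msosync.exe"}

# LOLBins a macro dropper commonly hands off to after fetching a payload (assumed).
HIGH_RISK_CHILDREN = {
    "regsvr32.exe", "rundll32.exe", "mshta.exe", "cmd.exe",
    "powershell.exe", "wscript.exe", "cscript.exe", "certutil.exe",
}


@dataclass
class ProcessEvent:
    parent_image: str   # full path of the parent (Sysmon ParentImage)
    image: str          # full path of the new process (Sysmon Image)
    command_line: str   # Sysmon CommandLine


@dataclass
class Alert:
    parent: str
    child: str
    severity: str
    command_line: str


def _basename(image: str) -> str:
    """Case-insensitive executable name, so EXCEL.EXE and excel.exe compare equal."""
    return ntpath.basename(image).lower()


def detect_unexpected_child(event: ProcessEvent):
    """Return an Alert if an Office parent spawned a non-allowlisted child, else None."""
    parent = _basename(event.parent_image)
    child = _basename(event.image)
    if parent not in OFFICE_PARENTS or child in BENIGN_CHILDREN:
        return None
    severity = "high" if child in HIGH_RISK_CHILDREN else "medium"
    return Alert(parent, child, severity, event.command_line)


def scan(events):
    """Run the detector over a stream of events and collect the alerts."""
    return [a for a in (detect_unexpected_child(e) for e in events) if a is not None]


# Constructed sample events (not taken from the report).
OFFICE = r"C:\Program Files\Microsoft Office\root\Office16"
SAMPLE_EVENTS = [
    # Explorer launching Excel on the document: not an Office parent, no alert.
    ProcessEvent(r"C:\Windows\explorer.exe", OFFICE + r"\EXCEL.EXE",
                 r'"EXCEL.EXE" C:\Users\victim\Downloads\catalog-2043858833.xls'),
    # Print helper spawned by Excel: allowlisted, no alert.
    ProcessEvent(OFFICE + r"\EXCEL.EXE", r"C:\Windows\splwow64.exe", "splwow64.exe 12288"),
    # Excel handing a downloaded DLL to regsvr32: high-severity alert.
    ProcessEvent(OFFICE + r"\EXCEL.EXE", r"C:\Windows\System32\regsvr32.exe",
                 r"regsvr32.exe /s C:\Users\Public\Documents\out.dll"),
    # Word launching cmd.exe: high-severity alert.
    ProcessEvent(OFFICE + r"\WINWORD.EXE", r"C:\Windows\System32\cmd.exe",
                 r'cmd.exe /c "start %PUBLIC%\x.hta"'),
    # Excel launching an unknown binary from a writable path: medium-severity alert.
    ProcessEvent(OFFICE + r"\EXCEL.EXE", r"C:\Users\Public\helper.exe", "helper.exe"),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"[{alert.severity}] {alert.parent} -> {alert.child}: {alert.command_line}")
```

The allowlist approach is deliberate: a macro can launch any binary, so enumerating bad children only sets severity, while anything outside the small benign set still raises an alert.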

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                      Count  ID
  Defense Evasion  Modify Registry                1      T1112
  Discovery        Query Registry                 2      T1012
  Discovery        System Information Discovery   2      T1082
