8e838b706db6c532ab1672a72b17e11557c383485eaba5eedfb17de2159d582a | Triage

Sharing

General

Target

catalog-1935279047.zip
Size

50KB
Sample

210513-nyne5dce5s
MD5

2dd37846b51781645d2a8a0d4c3c72b5
SHA1

3169d771bb922ccee6a315738eec7af18a8fdf9e
SHA256

8e838b706db6c532ab1672a72b17e11557c383485eaba5eedfb17de2159d582a
SHA512

386da742217fcd25d922ddffa1c73affdea4bfec02d249a625be94d723b3f4ad96118d0601b49673e3c70fb1f0c181eadbe2d8abbbb63bfabacd308e009e52aa

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-1935279047.xls
- Size
  
  367KB
- MD5
  
  ffba2ab361a32be76f1f939a8c6cb175
- SHA1
  
  efb0c9daacc2e5d79c609032f63003ed0b07f9ad
- SHA256
  
  391930b7afe2d75628c9458bc6071ffda59b49084240c98d151f7024035cb028
- SHA512
  
  1bb8939b45d4baaec6188390e57726abe1bf4c201e68258eaafa8209f8a23e8f9166cd4e1cba0646b09014fcf167a6d60fb11f572f76482c2ecc5a44de514ca1
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2