8bf794db996358f950cd7fba85182e67f93d0f4372f359eeddb02dc7ee6b9dd1 | Triage

Sharing

General

Target

catalog-2008075537.zip
Size

50KB
Sample

210513-pgqr6kvlc6
MD5

4fcc158cce954f898fa307d07e64c91f
SHA1

af605d6ee13d2d4091f36a558d51d3708984dd5b
SHA256

8bf794db996358f950cd7fba85182e67f93d0f4372f359eeddb02dc7ee6b9dd1
SHA512

edf8e8ff5e16f0d9bff73fc3bb943aec61e10f033e8c8896253639cfb26f84eb931ccb9e632813d938a144563e75eb3adb8558f8133e63b936cc1c272c763654

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-2008075537.xls
- Size
  
  367KB
- MD5
  
  4060bf1e1086dce18ef6dc459d1bddf0
- SHA1
  
  cc281ef4431117020f7dc9b79974fb2d276474f4
- SHA256
  
  51d4bf15f49a7b45e0f21e1c5b82c7527fb7b4acefa93a76b15e334abeb1130a
- SHA512
  
  e2c2a68b843a826b141a5c9f5f557f9fd7266c63f80d108b50d5a1e403542312ff890ff3920b3298308c895eb98389bf423ae0a4ba119a1a6bbae88ce9eeb166
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2