General

  • Target

    catalog-2008075537.zip

  • Size

    50KB

  • Sample

    210513-pgqr6kvlc6

  • MD5

    4fcc158cce954f898fa307d07e64c91f

  • SHA1

    af605d6ee13d2d4091f36a558d51d3708984dd5b

  • SHA256

    8bf794db996358f950cd7fba85182e67f93d0f4372f359eeddb02dc7ee6b9dd1

  • SHA512

    edf8e8ff5e16f0d9bff73fc3bb943aec61e10f033e8c8896253639cfb26f84eb931ccb9e632813d938a144563e75eb3adb8558f8133e63b936cc1c272c763654

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://smartpalakatva.com/edQsUZOLlE/th.html
    https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-2008075537.xls

    • Size

      367KB

    • MD5

      4060bf1e1086dce18ef6dc459d1bddf0

    • SHA1

      cc281ef4431117020f7dc9b79974fb2d276474f4

    • SHA256

      51d4bf15f49a7b45e0f21e1c5b82c7527fb7b4acefa93a76b15e334abeb1130a

    • SHA512

      e2c2a68b843a826b141a5c9f5f557f9fd7266c63f80d108b50d5a1e403542312ff890ff3920b3298308c895eb98389bf423ae0a4ba119a1a6bbae88ce9eeb166

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro; here it is consistent with the Excel 4.0 (XLM) macro dropper extracted from the .xls above.
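The logic behind a "Process spawned unexpected child process" signature, as an added example that is not part of this report or of the sandbox's own code: an Office host is allowed a small baseline of children, and anything else it starts is flagged. The process-creation records, field names, paths, timestamps and the allow-list are constructed assumptions for illustration.

```python
"""Flag Office hosts that spawn children outside a known baseline.

Added example (not sandbox code). The Sysmon-style JSON records, paths
and allow-list below are assumptions constructed for illustration.
"""
import json
import ntpath

# Office hosts whose children deserve scrutiny (assumed list; extend as needed).
OFFICE_HOSTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Children an Office host starts legitimately, e.g. the 64-bit print
# spooler shim. Assumed baseline; tune it against your own estate.
EXPECTED_CHILDREN = OFFICE_HOSTS | {"splwow64.exe"}

# Constructed process-creation events as JSON lines (not report data).
SAMPLE_EVENTS = r"""
{"ts": "2021-05-13T10:15:02Z", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "Image": "C:\\Windows\\System32\\rundll32.exe", "CommandLine": "rundll32.exe C:\\Users\\Public\\payload.dll,DllRegisterServer"}
{"ts": "2021-05-13T10:15:03Z", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "Image": "C:\\Windows\\splwow64.exe", "CommandLine": "C:\\Windows\\splwow64.exe 12288"}
{"ts": "2021-05-13T10:15:04Z", "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "CommandLine": "\"EXCEL.EXE\" catalog-2008075537.xls"}
{"ts": "2021-05-13T10:15:09Z", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c whoami"}
"""


def _image_name(path):
    """Lower-cased file name from a Windows path (works on any host OS)."""
    return ntpath.basename(path or "").lower()


def is_unexpected_child(event):
    """True when an Office host spawned something outside the baseline."""
    parent = _image_name(event.get("ParentImage"))
    child = _image_name(event.get("Image"))
    return parent in OFFICE_HOSTS and child not in EXPECTED_CHILDREN


def find_unexpected_children(json_lines):
    """Parse JSON-lines events and return one hit dict per flagged event."""
    hits = []
    for line in json_lines.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        if is_unexpected_child(event):
            hits.append({
                "ts": event.get("ts"),
                "parent": _image_name(event.get("ParentImage")),
                "child": _image_name(event.get("Image")),
                "cmdline": event.get("CommandLine", ""),
            })
    return hits


if __name__ == "__main__":
    for hit in find_unexpected_children(SAMPLE_EVENTS):
        print(f"{hit['ts']} {hit['parent']} -> {hit['child']}: {hit['cmdline']}")
```

Against the constructed events this flags the rundll32.exe and cmd.exe children and lets the splwow64.exe child and the explorer-launched Excel through. Matching on the basename alone is a deliberate simplification: a production rule should also check the full image path (or the binary's signature), since a renamed copy of an allowed name in a user-writable directory would otherwise pass, and should carry the command line and parent chain into the alert so the analyst sees what the macro actually ran.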

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2
    System Information Discovery (T1082): 2
