Overview

overview

10

Static

static

catalog-295819331.xls

windows7_x64

10

catalog-295819331.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    catalog-295819331.zip

  • Size

    50KB

  • Sample

    210513-pq3s1tk9d2

  • MD5

    4bf21726f7dd2002353ea8452607f4ac

  • SHA1

    2b3dc700fc89fa3052de677870a0f463f7cff1f1

  • SHA256

    a05844d21f0f0368b9d5a94f2762da6747568bde70395abd6f59a401edd3cc1b

  • SHA512

    2ea2bc45b0c44c7a06b1c492ff586a0025d4c97fe591db9da38a761ccd64698f3bd20efdc9ce1f38b1bbb24323491b4b5362877cc709c6d229d6f43da626c87e

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html
xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-295819331.xls

    • Size

      367KB

    • MD5

      80a1976552ba348d725db1c3c3ff5a14

    • SHA1

      27963b4571a46f1cbd4dc9af90681d16d77e4ef8

    • SHA256

      4cb5af26782cfc92d9b813c409352532e5149a3c2b80bdeac5ac1228da568522

    • SHA512

      30545af59e4b8e9ee70fe398751b3d6333b50d9cf7745cb5662617c5588ccea29717f8ad1aa59b5e8f355417471a7324bd5e31fbf66388cc7447fc3ac9d33c7d

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks