General

  • Target

    catalog-219675823.zip

  • Size

    50KB

  • Sample

    210513-q33dshvxje

  • MD5

    83090f3db81cd9e70afaf957a2500eff

  • SHA1

    00df9cc16244b9b0292a8919f517f03bdf27d2ec

  • SHA256

    37f0eab40c2f51c847929eaa258dc86cb530fc5d0413891b78361151055a258a

  • SHA512

    68df2d3afa39c5c2cb84e0b147f4b1fc7f9e417118b08f1872c741da7c5a30b764170930fe68531f6dd859c75c819d97f9cb562358ca456f31299794fd60aade

Score: 10/10

Malware Config

Extracted

    Language    Source           URLs
    xlm4.0      xlm40.dropper    https://smartpalakatva.com/edQsUZOLlE/th.html
    xlm4.0      xlm40.dropper    https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-219675823.xls

    • Size

      367KB

    • MD5

      8608d0f96148b9760221c347aaa7475c

    • SHA1

      4b4dd4b410c40f219cf23cc907a2b4b74a0ce921

    • SHA256

      e50952c7bfd437c63950e6b7d1bbc5af0eedf26b266d9d544ea14e7035878c66

    • SHA512

      f83b02b0e2c247419c6cfa71cfbc40e8ba331d0f9053e47c51ed118bd17b707715f3d5b4955438b2848921bb20cdce01a212abb6c11a7e5d72fa10434249c2fc

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix ATT&CK v6

    Tactic             Technique                       Count    ID
    Defense Evasion    Modify Registry                 1        T1112
    Discovery          Query Registry                  2        T1012
    Discovery          System Information Discovery    2        T1082

Tasks