General

  • Target

    catalog-291062789.zip

  • Size

    50KB

  • Sample

    210513-qlrpt2jvs6

  • MD5

    3740e55d9fb367f678c3f7fb7976333a

  • SHA1

    f29b197f42063e0477992c8ef5933be9b70579ed

  • SHA256

    f4ae9632771230fb20614ff160fc95428f21e2ccd16222d9f2c959d315c194b1

  • SHA512

    f5131acc12165eb4388608f28f27e2b2a01d7636d86a233ab7d043b3776cf46892f7a9c7ae2b6e3bfdf3b751edab5807aa3656ccb917e7d42a85d075d7fcdad5

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-291062789.xls

    • Size

      367KB

    • MD5

      4ba72be6f26c2b28e8d5a3c06350f794

    • SHA1

      03ad00c7cdc473c87df5261a851dbd7cd6a57de6

    • SHA256

      36c9edf4345834168b730939166bc4da13016112d2a8c7b49ef316b51f46b048

    • SHA512

      fc197877c42649622546d533eb6ad4c46408eee308f4f1b9e9a46a0a5657b959206ed85ba2a146470be98657d680128ed6a2a8b202524ae95eaf777e43dc261e

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
