55ec5f94b7ac8f0564f13a52ec53b4008d3a3fd9cea3b603bcf96bd285ced46b | Triage

Sharing

General

Target

catalog-1981251487.zip
Size

50KB
Sample

210513-qtnbslqqrj
MD5

81fd45024370bb870d7ddbd148b103c2
SHA1

af7c2ab58c5a17244689352a98a7aa2c1414765e
SHA256

55ec5f94b7ac8f0564f13a52ec53b4008d3a3fd9cea3b603bcf96bd285ced46b
SHA512

4bba690b58275b487b5c4436b6819b1e90363718be29fecbd44f1b993c753313d6b7fd6b961893f5407fed09ff3eb8cc695757cbb0e29a091e191ec6fed41d55

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-1981251487.xls
- Size
  
  367KB
- MD5
  
  1ce3ff8075bd41a50d249a074aa25e89
- SHA1
  
  23c40978c1c63824aeefeeb3f420e9f073272675
- SHA256
  
  fbec2cfe17c29a256bdda91314514e306d4e7d863733ef90b507e543c0df7214
- SHA512
  
  ee890b932405a93a5bbe970ec7cffff1d23e2275c8c21cf95f134cd1017d9f9bf32d6ddeccc84527e9b06a75360b2b3171afb52e12c134f8e6d23698ed9d4959
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2