8ca364ed7098ed2237f9f888352f0253a2aa7c79eb8372210bc9484d0e17a9b4 | Triage

Sharing

General

Target

catalog-2034469038.zip
Size

50KB
Sample

210513-retbxzhgea
MD5

f04aff29ab5752fa7089825d56877d9c
SHA1

55a2384a221cdf9e82b8a89276376f1ab8e84958
SHA256

8ca364ed7098ed2237f9f888352f0253a2aa7c79eb8372210bc9484d0e17a9b4
SHA512

8ae7de838d55a6de33ac49cde3db3dc9c1589b768d5681142ecb537d3256c52b6bb6c694de2e689c382f37167ed439c84867c8bdb031cf22f257b22d81bceed3

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-2034469038.xls
- Size
  
  367KB
- MD5
  
  8f39b777bbe0f2eb8820d03771b36499
- SHA1
  
  38b041907c0678b88b1077996219f77d8ed69c1e
- SHA256
  
  6a25a246beaf052796432b25ef9b1589930d867caa49ed6772b73c3b3cc26c52
- SHA512
  
  65483f338c127b7703912d284d0aa70f6392fb9824c92c6657abeae12f9623fd9bb464f12f053d883f6189cfb884cf895e53044059084d4a9820fa38147c535c
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2