c1627c5e587ab1dbf29c0b53d843e0a0e8b95e8908fb19a2546db740ec600c11 | Triage

Sharing

General

Target

catalog-2078447845.zip
Size

50KB
Sample

210513-rltxydvena
MD5

5697e51af3c2ab2ccfed5c4101fad690
SHA1

532a5b4aaa2ed0f0a5daa80b87fd6e9d9b54e587
SHA256

c1627c5e587ab1dbf29c0b53d843e0a0e8b95e8908fb19a2546db740ec600c11
SHA512

fcb543e6ff588d1915a728e001c39f7bf609965ec8ee3a5c18b2ba62a0f0f209f777b4da9ea1ea2e2e79bf9fdfafd21b8fd95422ca659b66f0943f14d2b189cd

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-2078447845.xls
- Size
  
  367KB
- MD5
  
  a6d54af54cd22d49bf1ad8f3ffad8aa1
- SHA1
  
  1b9fa1a030acbca01a82f2bf43a7d368e2b614ad
- SHA256
  
  cd3af5d1c2ca5c7ee66d05bcb6e4113fd8e14821587973ed293ce5c9c4e0af06
- SHA512
  
  5ec1b5ef5e6c762f1cec8b2de7d897f6f8de0782255acfddeed78a518f62018a536b906f6a912f700877aa1bc46eb79286fce4563884999025c20257116ec870
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2