70fc73f930e91dbdfab94f34394bed46943f84323c5b1df345568b1347fa052c | Triage

Sharing

General

Target

catalog-2076456554.zip
Size

50KB
Sample

210513-rqjgavsd46
MD5

0a62a76a22c376e39a939a76b52acc94
SHA1

d2d00bf630fb568efa6db5600bc1d9bf929af2d9
SHA256

70fc73f930e91dbdfab94f34394bed46943f84323c5b1df345568b1347fa052c
SHA512

0987c106de0a5f4dfe56f4a4c2f1465cc91a18e33a80a1fc88eadce5597f3c8153f40b758b6e978c350c7ec5316f6850bbd8ea423a3d38aee2ed8211d1d5d9c5

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-2076456554.xls
- Size
  
  367KB
- MD5
  
  989e6ee326ab46fe6dc9cb2cc8cf1b16
- SHA1
  
  a9754fd5599041bafb3ebfa7b77fc90595ffd5fe
- SHA256
  
  d1c3351b68a58fd8e0569c4c651c6cdcff1ad044590e2181de7f0076c099764c
- SHA512
  
  cbd2e883bb2f369f3440d4f4a0eecb785e73a5da8e518d83879c84a5498a431c31cc8407df9162fc7f4dc1e43df1946e8a59ee788006d9489fe1fea3381cfedd
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2