General

  • Target

    catalog-235994486.zip

  • Size

    50KB

  • Sample

    210513-rsmvbw47mn

  • MD5

    e5224ea1dc33ad93d53a8aad72dfacf8

  • SHA1

    e8984cdeb40b6b809083e0172db05106f030cfc0

  • SHA256

    3c59757aba5eb4beeca82fa90b2c6b5e8863f26080cfaf76e5cb3e1b6fd56ccc

  • SHA512

    e12e31a600819ce29a34a31605eadd50f597a2df3bb6049f4170103b2bebb1fd0eb325b7a07ec4a82f8158c0f89539ef3a4e06fba8f6854a01f23fac13fd9426

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source / URLs

    xlm40.dropper    https://smartpalakatva.com/edQsUZOLlE/th.html
    xlm40.dropper    https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-235994486.xls

    • Size

      367KB

    • MD5

      f6067c2ae93428abda3c199f92828174

    • SHA1

      80398e55a739c78de835883ec67220f5e47fb250

    • SHA256

      92d58e3c1f20ee5d55a22b17cad75bd9d500e609f8704596d614102371007016

    • SHA512

      d3cf730960b24d4c0f26f4290840b498675a39a5e85485e38222fe3f325feeb56435163400f32e2269b0fcf1479c570835f3793b46564c5e5616c5effe19a1b2

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                        Count   ID
  Defense Evasion    Modify Registry                  1       T1112
  Discovery          Query Registry                   2       T1012
  Discovery          System Information Discovery     2       T1082

Tasks