General

  • Target

    catalog-1984326870.zip

  • Size

    50KB

  • Sample

    210513-sdcqrfge5a

  • MD5

    bc0d3605d8d6075fe37eb250c26f0f89

  • SHA1

    c3daf975a49a18ba6ec20970375496c9a411b6d5

  • SHA256

    c1cd69fc3732c7ea9367a29c1c8e11b1da20d198206824b25853205435342865

  • SHA512

    f40bc546244fe9fe5918c5329d78a6fe1ea5ff2c1e7f679b929bb0a3e040dac00e8f0ba10afcfe8705b0a1cd0b2142f009ba06120e4016a2db8058a6ae7953e1

Score
10/10

Malware Config

Extracted

    Language   Source           URLs
    xlm4.0     xlm40.dropper    https://smartpalakatva.com/edQsUZOLlE/th.html
               xlm40.dropper    https://pilstlcommodities.com/Ov4FlB3lpy/th.html
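The two dropper URLs above are the actionable output of the config extraction. The following added example (not part of the sandbox report) turns them into host and path IOCs and sweeps a Squid-style proxy log for them. The log lines are constructed for the example; the Squid field layout is assumed, and the matcher deliberately distinguishes a full host+path hit from a host-only hit, because a TLS CONNECT entry only exposes the hostname and any subdomain of a dropper host is still worth a look.

```python
"""Sweep proxy logs for the xlm40.dropper URLs extracted from this sample."""
import re
from urllib.parse import urlsplit

# The two URLs from the extracted malware config above.
DROPPER_URLS = [
    "https://smartpalakatva.com/edQsUZOLlE/th.html",
    "https://pilstlcommodities.com/Ov4FlB3lpy/th.html",
]


def build_iocs(urls):
    """Split each URL into a lowercased host IOC and an exact-path IOC."""
    iocs = []
    for u in urls:
        parts = urlsplit(u)
        iocs.append({"host": parts.hostname.lower(), "path": parts.path})
    return iocs


def host_matches(log_host, ioc_host):
    """True for the IOC host itself or any subdomain of it."""
    log_host = log_host.lower().rstrip(".")
    return log_host == ioc_host or log_host.endswith("." + ioc_host)


# Assumed Squid access.log layout:
# <ts> <elapsed> <client> <action/status> <size> <method> <url> ...
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def scan_proxy_log(lines, iocs):
    """Return (client, url, confidence) per matching line.

    'high'   = host and path both match the extracted dropper URL
    'medium' = only the host matches (TLS CONNECT, subdomain, or other path)
    """
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        url = m.group("url")
        # CONNECT lines carry "host:port" with no scheme; give urlsplit one.
        parts = urlsplit(url if "://" in url else "http://" + url)
        if not parts.hostname:
            continue
        for ioc in iocs:
            if host_matches(parts.hostname, ioc["host"]):
                conf = "high" if parts.path == ioc["path"] else "medium"
                hits.append((m.group("client"), url, conf))
                break
    return hits


# Constructed sample log lines (not taken from the sandbox run).
SAMPLE_LOG = [
    "1620915000.123 245 10.0.0.5 TCP_MISS/200 1834 GET "
    "https://smartpalakatva.com/edQsUZOLlE/th.html - HIER_DIRECT/203.0.113.10 text/html",
    "1620915001.456 12 10.0.0.7 TCP_TUNNEL/200 5120 CONNECT "
    "pilstlcommodities.com:443 - HIER_DIRECT/203.0.113.11 -",
    "1620915002.789 30 10.0.0.9 TCP_MISS/200 900 GET "
    "https://www.example.com/index.html - HIER_DIRECT/203.0.113.12 text/html",
    "1620915003.000 40 10.0.0.9 TCP_MISS/404 300 GET "
    "https://cdn.smartpalakatva.com/other.js - HIER_DIRECT/203.0.113.10 text/html",
]


def run_example():
    """Run the sweep over the constructed log with the report's IOCs."""
    return scan_proxy_log(SAMPLE_LOG, build_iocs(DROPPER_URLS))


if __name__ == "__main__":
    for client, url, conf in run_example():
        print(f"{conf:6} {client:10} {url}")
```

Only the first line is a full-URL hit; the CONNECT tunnel and the subdomain request come back as medium-confidence host matches, which is the right level for a triage queue rather than an automatic block.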

Targets

    • Target

      catalog-1984326870.xls

    • Size

      367KB

    • MD5

      ac4c199d9b5c0a440f44a9c0a3687e34

    • SHA1

      43b155c9687ce4c9c1764644ee6a38014057b89b

    • SHA256

      33457a213d130dc99a596e1374edd16414e61cd67377d2134bfd463f94b77c01

    • SHA512

      9f792d920c06bd9affdc3eb9861488f521de1e3bd34202332cf54cf84240947be68ea57bd6fa60a7c0c517a7be789b3a649c30aab1503463888427b31b4c96ee

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
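The signature above fires on parent/child process relationships. The following added example (not the sandbox's own detection logic) shows the same check written against Sysmon Event ID 1 style records: any child of an Office host that is not on a small expected list is flagged, and known LOLBins used by macro droppers are raised to high severity. The parent is assumed to be Excel because this target is an .xls; the events, paths and command lines are constructed for the example and do not describe what this sample actually spawned.

```python
"""Flag unexpected child processes of Office applications (Sysmon EID 1 style)."""
from dataclasses import dataclass
import ntpath

# Office hosts that open user-supplied documents (this sample is an .xls, so Excel).
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}

# Assumed allow list of children an Office host legitimately starts; tune per estate.
EXPECTED_CHILDREN = {"splwow64.exe", "dw20.exe", "werfault.exe"}

# Living-off-the-land binaries a macro dropper commonly uses to fetch or run a payload.
HIGH_RISK_CHILDREN = {
    "cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe",
    "regsvr32.exe", "rundll32.exe", "certutil.exe", "wmic.exe",
}


@dataclass
class ProcEvent:
    """Subset of the Sysmon Event ID 1 fields the check needs."""
    pid: int
    image: str
    command_line: str
    parent_pid: int
    parent_image: str


def basename(path):
    # ntpath handles Windows separators regardless of the analysis host OS.
    return ntpath.basename(path).lower()


def detect_unexpected_children(events):
    """Return one alert per child of an Office host that is not on the allow list."""
    alerts = []
    for ev in events:
        parent = basename(ev.parent_image)
        child = basename(ev.image)
        if parent not in OFFICE_PARENTS or child in EXPECTED_CHILDREN:
            continue
        severity = "high" if child in HIGH_RISK_CHILDREN else "medium"
        alerts.append({
            "severity": severity,
            "parent": parent,
            "parent_pid": ev.parent_pid,
            "child": child,
            "pid": ev.pid,
            "command_line": ev.command_line,
        })
    return alerts


# Constructed sample events (not from the sandbox run).
EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
SAMPLE_EVENTS = [
    ProcEvent(4150, r"C:\Windows\splwow64.exe", "splwow64.exe 8192", 4100, EXCEL),
    ProcEvent(4180, r"C:\Windows\System32\rundll32.exe",
              r"rundll32.exe C:\Users\Public\drop.dll,DllRegisterServer", 4100, EXCEL),
    ProcEvent(4200, r"C:\Windows\System32\notepad.exe", "notepad.exe", 4100, EXCEL),
    ProcEvent(5000, r"C:\Windows\System32\cmd.exe", "cmd.exe /c dir", 1200,
              r"C:\Windows\explorer.exe"),
]


def run_example():
    """Run the detection over the constructed events."""
    return detect_unexpected_children(SAMPLE_EVENTS)


if __name__ == "__main__":
    for a in run_example():
        print(f"[{a['severity']}] {a['parent']}({a['parent_pid']}) -> "
              f"{a['child']}({a['pid']}): {a['command_line']}")
```

Two of the four constructed events alert: the rundll32 child at high severity and the notepad child at medium. The print spooler helper is allow-listed and the cmd.exe under explorer.exe is outside the Office-parent scope entirely. Note that this check trusts the ParentImage field; a dropper that spoofs its parent PID will not be caught by it, so it belongs alongside, not instead of, file-write and network telemetry.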

MITRE ATT&CK Matrix (ATT&CK v6)

    Tactic            Technique                       Count   ID
    Defense Evasion   Modify Registry                 1       T1112
    Discovery         Query Registry                  2       T1012
    Discovery         System Information Discovery    2       T1082
