c1cd69fc3732c7ea9367a29c1c8e11b1da20d198206824b25853205435342865 | Triage

Sharing

General

Target

catalog-1984326870.zip
Size

50KB
Sample

210513-sdcqrfge5a
MD5

bc0d3605d8d6075fe37eb250c26f0f89
SHA1

c3daf975a49a18ba6ec20970375496c9a411b6d5
SHA256

c1cd69fc3732c7ea9367a29c1c8e11b1da20d198206824b25853205435342865
SHA512

f40bc546244fe9fe5918c5329d78a6fe1ea5ff2c1e7f679b929bb0a3e040dac00e8f0ba10afcfe8705b0a1cd0b2142f009ba06120e4016a2db8058a6ae7953e1

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-1984326870.xls
- Size
  
  367KB
- MD5
  
  ac4c199d9b5c0a440f44a9c0a3687e34
- SHA1
  
  43b155c9687ce4c9c1764644ee6a38014057b89b
- SHA256
  
  33457a213d130dc99a596e1374edd16414e61cd67377d2134bfd463f94b77c01
- SHA512
  
  9f792d920c06bd9affdc3eb9861488f521de1e3bd34202332cf54cf84240947be68ea57bd6fa60a7c0c517a7be789b3a649c30aab1503463888427b31b4c96ee
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2