400c128b0756f2796bb0734d178616918e5909980b8fd490711ddfcfff58ebca | Triage

Sharing

General

Target

catalog-2139266016.zip
Size

50KB
Sample

210513-sjptnsyqwa
MD5

61ae825adbf5413ccb2dfe1ccfb3cb9f
SHA1

278f8abdae76f86a0d495335dec66daedf4f0e41
SHA256

400c128b0756f2796bb0734d178616918e5909980b8fd490711ddfcfff58ebca
SHA512

597d4d5cd240503a51f0640c726dca23c36c128759822a6fb0e66e11128322dca150135ad7c25979bdf096ea8c40352a8a2930601488678b6c160f9d2ae36c62

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-2139266016.xls
- Size
  
  367KB
- MD5
  
  37c6751eaecd773842215726fa45799e
- SHA1
  
  eca620624262b47eec7c6c18c6aae195915f7b06
- SHA256
  
  7c6d45888f95d211503c07414168d7d8362e1a188858b17f97b514ba8a4e91cd
- SHA512
  
  527c265b514a480e7a62ee5b79f2e44bc309b9f0eefaf1da5a76aa24d2e2ff89324df00e9aaa4db924e9dfef4c4bcfd20e57f1e6b5e1ec73c93167eaf5cead5e
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2