d66bdca63e996f99b204db85ac4cdad64c6dfd502c84eee2d169ed69ec6f8e58 | Triage

Sharing

General

Target

catalog-1940915897.zip
Size

50KB
Sample

210513-srelghsap6
MD5

f152816a0f3f6a08319adceb9696420c
SHA1

aa283849e5082fd3d59973aff6946530cfbfe315
SHA256

d66bdca63e996f99b204db85ac4cdad64c6dfd502c84eee2d169ed69ec6f8e58
SHA512

f861c8639aab09db656aa4d07458bf0d62541b3759ba4449f281816cf384814f57ee05019559efa0f21d9fe74b4f8d407bc0c2de602c6a175188981a601f7fa3

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-1940915897.xls
- Size
  
  367KB
- MD5
  
  f89d243fb68446e093dcacf45b516a43
- SHA1
  
  7f594ff6fd6ca244280e447c0c4ae0fe59b0a84d
- SHA256
  
  f418f4343a2409cbe8109206047737666ad6593871f9d87816ffeae6c3e58309
- SHA512
  
  973922cf1e09e0948a4e2322c61cd8ee1cfb8d9874ca9852166d5fd6eb956024aa8e10eb29f0a810970e82b9761f8eacb667c2e390f23074785541602a10770a
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2