11a82d99ae5fdb5cc4438188e30ebe799356cbf1671c1c893f1e797ea1b516ec | Triage

Sharing

General

Target

catalog-2077572488.zip
Size

50KB
Sample

210513-svwpy3vtcs
MD5

6292d8285cc0839783a92b1896668bb7
SHA1

9942a353a1ae6fac1c538ca82dec2a222c31d885
SHA256

11a82d99ae5fdb5cc4438188e30ebe799356cbf1671c1c893f1e797ea1b516ec
SHA512

2e107711559bfacc046845cfffeac5155771ff2999156fa5d6754bca12e625418d50755eb771b4653c42764478f623e5eb4e5d8724fa8d6c9bd9d56b3b450d0f

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-2077572488.xls
- Size
  
  367KB
- MD5
  
  e2a2ab5fed81c1abb6ec1f2326e65cbb
- SHA1
  
  8268b9deff37f48e97c27daac52022f92a2988d7
- SHA256
  
  b12eba05ad4543196d272b3593e19cab66a4e0486c79b0344c0f9ec98e98ae02
- SHA512
  
  258090cebb97aaa9a3edead37de2fdaa2eb38e3e5de2d86183503f7acac7c25504f8f8c5b13b708612bc0a72b65fb1dc64ed82e2ddfbce0bb6bc94d8a829c75f
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2