fe94a86cbf3fe63126171bb635e044b13e4400be0d5c1121edc58916a99af745 | Triage

Sharing

General

Target

catalog-1972536037.zip
Size

50KB
Sample

210513-vk2xhw73cx
MD5

358f008ad641aab76d646da39777fd43
SHA1

16130db30a50619a2da1a069ffeedd80bf3cecd4
SHA256

fe94a86cbf3fe63126171bb635e044b13e4400be0d5c1121edc58916a99af745
SHA512

711f96d27ea4cabe313d8f659440ac0beb98cd914dd54ba47179420042e94c1f29c8df03e9321ebb52bce1dc05c1dbcbe5c5596d01f9784d8da1e365d8d0caf8

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-1972536037.xls
- Size
  
  367KB
- MD5
  
  e577b097a4850fad9bd1180d253ecc91
- SHA1
  
  f84b2d90d1c7187b3b47b85cdc592aa9c4f8e9ee
- SHA256
  
  f1f4910774a47c957fea118cf2d86636880f6537f3ea57aed343ba50e6ad20b7
- SHA512
  
  df9d590bb3ae593a94b61fa30c305834dc56a419e8f550ceeae56ac1e92edbcb767b393b7ea339e03a81f458e75160e9a0fba5f3ce5389cbcffbc9005a6fb0b0
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2