9911b5a7db3a5a4594e3ce1bbc5063a7e486dda82f9f36ec34f7f4f1cf9db3be | Triage

Sharing

General

Target

catalog-263875445.zip
Size

50KB
Sample

210513-vzkk4vbwes
MD5

c843f6daadebab016fc266a2c90f5e77
SHA1

7b8478d446fb693039774275ddf7a1dd13e7ac90
SHA256

9911b5a7db3a5a4594e3ce1bbc5063a7e486dda82f9f36ec34f7f4f1cf9db3be
SHA512

4f3e5f48b44d71958ea1779308e80e7a14ff9902829017c2dfbaa0c122f99a16694e7e8c9b8556753569ed7cb70738d8c5792ed0c344f6134f503fa49ff61693

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-263875445.xls
- Size
  
  367KB
- MD5
  
  a2b5afab8787eef21e0d90b379c81501
- SHA1
  
  cc458e5590733e958b246eed7be7ac02afe89af3
- SHA256
  
  89a18aefed41944305db3b5c39880378ce1a8434d449c87fbf2cd20c2a903896
- SHA512
  
  9d8f125eef07ef2952918a950b5b2a098d02bcd809e2b5eb4c18a151cf687b9ad38601ab6755da4b04697fa9d8b29c3b9c088c855282360a85ee612af850eaa6
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2