c3f7771ed282faf0fa4d16bb72b4d62b9cd22e232eb0c73262ec8fcae15bd237 | Triage

Sharing

General

Target

catalog-2057850280.zip
Size

50KB
Sample

210513-wefpgfkt12
MD5

47016bccca443dee0e0d964d96f76ef2
SHA1

e1ea43c7004766c8cf39a996f59c961fff7be589
SHA256

c3f7771ed282faf0fa4d16bb72b4d62b9cd22e232eb0c73262ec8fcae15bd237
SHA512

7107e313a38c0eaecdff661ee024c104110ef9092a98d9a00f5453c80c109363706a84445243858f246ea55b288df7fb371b382136543adfb1fbbd9185c2debd

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-2057850280.xls
- Size
  
  367KB
- MD5
  
  5a7071c7b0dda9e5d66cfffe22ba6d38
- SHA1
  
  eb5252172360301b8f347eeb46c12ce9bd67c7e5
- SHA256
  
  66e8cde19f269b216b400df999df8a0d700c632b9c131c533ce3943b5d1395dc
- SHA512
  
  3c00442c9364b427de3668567f2135a1075050ce9eb6eefbd00f6dfacba0e63f6cd9193887b25852cd94b5dbabe4760bf208715a9051eedd4c1cfb7b0acd1360
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2