General

  • Target

    catalog-1971983960.zip

  • Size

    50KB

  • Sample

    210513-wpqwq7hl86

  • MD5

    f7cbe4e2d91106d380e1cd0cd6d72a19

  • SHA1

    92e2735acd856f454942ed9ff1c086258959b1a2

  • SHA256

    d768b54b28129fb5ed7105396a76cc46a74e46644c01a2e529471ca67c25f2dc

  • SHA512

    ca43dc88f081173d26aa847026fc785524b51750ccec2b26358ab55839a34b1bb01f828e6a471a32afad5120894a3f00849c77160babb04de522aa1bf450a665

Score
10/10

Malware Config

  Extracted

    Language
      xlm4.0

    Source
      URLs

    • xlm40.dropper

      https://smartpalakatva.com/edQsUZOLlE/th.html

    • xlm40.dropper

      https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-1971983960.xls

    • Size

      367KB

    • MD5

      d028f64916d4f3bbfa2b2087ed469aef

    • SHA1

      0d626e3ad3226b5d63e92f9cc434561f146b6277

    • SHA256

      30f267731c59a76c1849a66ab62ec5b500b19adcc7b157230588d089d0e28286

    • SHA512

      4759e6f54a94b7243a1a0c916c943e40e9c70f145d39592071aea86dd4fb2d9f9b8074ab3863acd6a044ee826e1f920e9f8970669d94161d6b9a0df17310e42c

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

      Modify Registry (T1112): 1

  • Discovery

      Query Registry (T1012): 2

      System Information Discovery (T1082): 2

Tasks