40b4f28e570212d31feba7afe60edd5dde669dc01c7994c7a819fcf778125520 | Triage

Sharing

General

Target

catalog-2030122485.zip
Size

50KB
Sample

210513-ws126qzwlj
MD5

f933eb54fe778e77938ba8f2f6a4427e
SHA1

51eb8adda5c9280983a5dd5d9f1d1afcc19ab68a
SHA256

40b4f28e570212d31feba7afe60edd5dde669dc01c7994c7a819fcf778125520
SHA512

786323b8d296576cc4687493f214c42b1acc4a1f2605eae64112818b2228fc0ea35f74702c7cdb31e5b23d160daec47ba29a8bb1f99883272feac2f15ce018ce

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-2030122485.xls
- Size
  
  367KB
- MD5
  
  84bd232f6e7b2e8d1de94d149203ef45
- SHA1
  
  d9d4e395a1c2b7d36091665b8734ab553525c207
- SHA256
  
  c003c1ac0e1eb457de15bd41ac146519c2aa35effff53e4993527495836f7def
- SHA512
  
  12a4e07a1ddace61682fd9b67ce93a611ac3293f6d53247a59b1b819fe02beded432f89238ff0c90284fa17c7c263c2c4e142d0f4e46664acb30687748861a92
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2