General

  • Target

    catalog-2069199665.zip

  • Size

    50KB

  • Sample

    210513-x3a8gtx882

  • MD5

    c2f46693965880eaea38bd828fb2c980

  • SHA1

    508c27c4644189b480d25b85cfaf6724f1394247

  • SHA256

    d3ea59ec0efb30e2c5ffde9d495086e561bbfa33838496e8471620a0c42dcd1f

  • SHA512

    4524885dbeebaf5317d8234bbd28272fe863b9156752d52a71d4bfb0e9f06a2a0dd1112c0befd6176126d2617e773a10650583eac46de7913663197af45f1360

Score
10/10

Malware Config

Extracted

Language
  xlm4.0

Source          URL
xlm40.dropper   https://smartpalakatva.com/edQsUZOLlE/th.html
xlm40.dropper   https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-2069199665.xls

    • Size

      367KB

    • MD5

      6742e6c77e178b6716fd41cc364f7610

    • SHA1

      9e36cd6fc7d9bed220228322ea003493606c4102

    • SHA256

      a9fa03764c7fd24efbed3650e7598c1e009f67556fbad852e668ba790f699d3a

    • SHA512

      5f07fad588961facf4dcd1aa2f3710757236aaa9a8d1ccef0df06db4a00d66a2611b31c7cc1641a1586fc1e660ade387bacc31b281307fd200c557365dfb7771

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic           Technique                      #   ID
Defense Evasion  Modify Registry                1   T1112
Discovery        Query Registry                 2   T1012
Discovery        System Information Discovery   2   T1082

Tasks