a29c86e43e78cfb3ba3759f7946d15d826129031ee884ebe3f76ef2fa90ababf | Triage

Sharing

General

Target

catalog-2006600259.zip
Size

50KB
Sample

210513-yaefwarf5x
MD5

5ec22259907def99f05e6a75dd872111
SHA1

7c24c6e42b8a4a4e1ef10d0263c19c11752148cb
SHA256

a29c86e43e78cfb3ba3759f7946d15d826129031ee884ebe3f76ef2fa90ababf
SHA512

5fee1c7a53bf139ff23d9fc74a55be0f87bb9cdb0da3124d66112c40f0606861c9b4251834e340ce633d1b1305c684680357e9c4fe2944343e4405ed29f6e8b5

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-2006600259.xls
- Size
  
  367KB
- MD5
  
  ed2013b4e4ccbc43be8f3a0413e099c1
- SHA1
  
  d039486f9775447792797d286467ac3d8ac987d4
- SHA256
  
  9997a64dd776de7a5c84866db4d7278b8218b9bef0ff2167c520d4ba7dd07db7
- SHA512
  
  c914134e55b48faac35c333739dedd5763382f0b60bd08bff8a29c62abc0a28ed172275e2b573ba0da4d0e455d96c47bf45b6f92040b4091c96f2ae9a376534a
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2