General

  • Target: catalog-2006600259.zip
  • Size: 50KB
  • Sample: 210513-yaefwarf5x
  • MD5: 5ec22259907def99f05e6a75dd872111
  • SHA1: 7c24c6e42b8a4a4e1ef10d0263c19c11752148cb
  • SHA256: a29c86e43e78cfb3ba3759f7946d15d826129031ee884ebe3f76ef2fa90ababf
  • SHA512: 5fee1c7a53bf139ff23d9fc74a55be0f87bb9cdb0da3124d66112c40f0606861c9b4251834e340ce633d1b1305c684680357e9c4fe2944343e4405ed29f6e8b5

Score: 10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source: xlm40.dropper
    URL: https://smartpalakatva.com/edQsUZOLlE/th.html
  • Source: xlm40.dropper
    URL: https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

  • Target: catalog-2006600259.xls
  • Size: 367KB
  • MD5: ed2013b4e4ccbc43be8f3a0413e099c1
  • SHA1: d039486f9775447792797d286467ac3d8ac987d4
  • SHA256: 9997a64dd776de7a5c84866db4d7278b8218b9bef0ff2167c520d4ba7dd07db7
  • SHA512: c914134e55b48faac35c333739dedd5763382f0b60bd08bff8a29c62abc0a28ed172275e2b573ba0da4d0e455d96c47bf45b6f92040b4091c96f2ae9a376534a
  • Score: 10/10

  • Signature: Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion
    - Modify Registry (T1112): 1

  • Discovery
    - Query Registry (T1012): 2
    - System Information Discovery (T1082): 2
