652536b172de840214bb5cfaf30c7e97ff072f7e3b8dfbd064a472437d6dca46 | Triage

Sharing

General

Target

catalog-2110884480.zip
Size

50KB
Sample

210513-yeekysjdma
MD5

e3e4bf77b97450486072b508702554c4
SHA1

959f0fa0e0eb8fadec9faf42a60e532e848ad869
SHA256

652536b172de840214bb5cfaf30c7e97ff072f7e3b8dfbd064a472437d6dca46
SHA512

cec09ae95d0a0f0694d2659ca687cb397e7f57137fed5378df1cfb568fe4f4273f95c7059b56cdd072bcc62347da8cc9c43efb36812546427ad3e7aed5a2dbd7

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-2110884480.xls
- Size
  
  367KB
- MD5
  
  db99d7e76f6d1b8cc556e11b6c049dba
- SHA1
  
  e6b95c81ed553fc80df370cf7dbdeb38aa61f60a
- SHA256
  
  60013c87ee667dfb710c543f3bc8f1d051477b02cbcf1a3ad3960f5b44515156
- SHA512
  
  5d1231fe0aa002cb2a1f74858b5cb951c94e14133c4aa672922ce5665d4a312e8d4d21ea291611a1e019211e007de4f902a4ff419d73f61fbdcf6489332c4c58
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2