19f9386be36c5a6d83741c5eda9ad8c731c035f000ba19bf26317af7467655d5 | Triage

Sharing

General

Target

catalog-1977979364.zip
Size

50KB
Sample

210513-ygl2d4ay5e
MD5

f967b1515795ab3155e930917933618c
SHA1

a8395e78e5f094dbf527698499f5b1c1781c37a8
SHA256

19f9386be36c5a6d83741c5eda9ad8c731c035f000ba19bf26317af7467655d5
SHA512

c210d505e5eebe885e09d76c354947c82864b87b88280023c346fded68c210bfd320b001fffac6f192decb23ddccecff2c4e27dbef6cb44bd3bd6b6e4ac5ccf5

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-1977979364.xls
- Size
  
  367KB
- MD5
  
  542daaed277c1dbcd2428f129f063446
- SHA1
  
  40d7febead1825ef1fa1ddbda956db673a655b84
- SHA256
  
  28e9c65dc02ac450a6c1b3b14ec119a3e551a72ee79d8db484e33002ca17508f
- SHA512
  
  d3a92bd2408efd280fc87f9d2334850d287af4d6595243acc92573ef50fb17cbaadb0838b760933cb4268638d0f19ae832bdef5db0b8c6219c5b5940bee7b200
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2