General

  • Target

    catalog-1977979364.zip

  • Size

    50KB

  • Sample

    210513-ygl2d4ay5e

  • MD5

    f967b1515795ab3155e930917933618c

  • SHA1

    a8395e78e5f094dbf527698499f5b1c1781c37a8

  • SHA256

    19f9386be36c5a6d83741c5eda9ad8c731c035f000ba19bf26317af7467655d5

  • SHA512

    c210d505e5eebe885e09d76c354947c82864b87b88280023c346fded68c210bfd320b001fffac6f192decb23ddccecff2c4e27dbef6cb44bd3bd6b6e4ac5ccf5

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source / URLs

    xlm40.dropper    https://smartpalakatva.com/edQsUZOLlE/th.html
    xlm40.dropper    https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-1977979364.xls

    • Size

      367KB

    • MD5

      542daaed277c1dbcd2428f129f063446

    • SHA1

      40d7febead1825ef1fa1ddbda956db673a655b84

    • SHA256

      28e9c65dc02ac450a6c1b3b14ec119a3e551a72ee79d8db484e33002ca17508f

    • SHA512

      d3a92bd2408efd280fc87f9d2334850d287af4d6595243acc92573ef50fb17cbaadb0838b760933cb4268638d0f19ae832bdef5db0b8c6219c5b5940bee7b200

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2
    System Information Discovery (T1082): 2

Tasks