Overview

overview

10

Static

static

catalog-20...94.xls

windows7_x64

10

catalog-20...94.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    catalog-2012680994.zip

  • Size

    50KB

  • Sample

    210513-ykamzajezj

  • MD5

    efc3c4bcc6ef9329e6295d02ba5ccd4a

  • SHA1

    029ccd07d8a1778d7e3dfac7d44639ca8a365f20

  • SHA256

    12eefb2e9db0aaebe97ded97ffb7fc192e548f206f857d99e808cdc525d3b7e2

  • SHA512

    d66da4b625f09fd45f3362f7f08d888a95786bf72c0dc54280fdbc5b94a8ef2b6cbb680d5a7a9ad27ba90b3b684f64c60b07a55ab07ca83065db83861b872ff0

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html
xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-2012680994.xls

    • Size

      367KB

    • MD5

      d9896920b703407e6457a454319eb076

    • SHA1

      ec5ccc2f1e3894d26c15ec251676d187454b1d58

    • SHA256

      544249732ae65649ccbc287050f771e30333a6a47b5f18d848aa96eb7ecadf2e

    • SHA512

      75ec7a2a661f5b2ef0f9009c83bda1d31c967edcf24edfe16632304474c02880cb036c63f33f4e4006794c6e6ced9d5c28e1dd556a77dda5d592502996a61849

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks