General

  • Target

    catalog-211036198.zip

  • Size

    50KB

  • Sample

    210513-z4pg17y8b2

  • MD5

    5050db22a14f1e13915d9047179a0682

  • SHA1

    faf26635b92ea880f29c11c49788f4d170750c45

  • SHA256

    0a4ca5706c2b0642f95c377dc86ee7f68defc73efce8261b30b10388c1f9b0ea

  • SHA512

    53c07eeb9f71aad92d4c7d803b851d00de7437827ca80ae05adc794be963eb1ecc5c1c0597d86b41926b1b13db048db316b7604a12502c94df68fffaed3f7402

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://smartpalakatva.com/edQsUZOLlE/th.html

    https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-211036198.xls

    • Size

      367KB

    • MD5

      c6b04bed0719b732416cf030699b253c

    • SHA1

      4c2b915c294c33d05de9519596a401b193da33f7

    • SHA256

      96d6b1cd9c8d3832371137f383ba36872a0967b38bbcc5aae2fe59e221b2756e

    • SHA512

      77809d9d7881f83eb2ed99f4f5b8ec893a4f18dbe2c8093630d4920b01038542cf6f91f38d5bacf32f0e22c89989292a56f1aec6cb185b960b83ab65e481b3c7

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2
