General

  • Target

    catalog-2098741452.zip

  • Size

    50KB

  • Sample

    210513-zdralgnzfn

  • MD5

    adad50c0830ae66fd1d3f115e562fc8a

  • SHA1

    8413c1822507fc317ca16b339d277fdca86277d4

  • SHA256

    516816611c1bfd046dd22367461542f760a14a1fbe06422f1ca5ca9580fb120d

  • SHA512

    46988cb4c078e6aedf8b262097d7b8a2eea8ef834586f0bd5f6ef3f406495ba9b67955048bb8a8bb41a32aa4020c7e8991cbe5c4120954908755df309b11d6a9

Score
10/10

Malware Config

Extracted

  Language: xlm4.0

  Source           URLs
  xlm40.dropper    https://smartpalakatva.com/edQsUZOLlE/th.html
  xlm40.dropper    https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-2098741452.xls

    • Size

      367KB

    • MD5

      a55a762fd05ba03e1645d621935fb342

    • SHA1

      fec20b078a586b75e32b3cd07876e8a83422813f

    • SHA256

      db737401e289eaad9afb22f1e7808d8facaf50d3e297f134143fae9fa28f7eba

    • SHA512

      c924c19992d74f5079fd2a5380b0471a81702f7fedf53dee74c3e855e2df4400a845feff86f6b386cc3f63534e5de4786b1ceb7428e839526a84c54cf5fa2bc6

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                       Count   ID
  Defense Evasion    Modify Registry                 1       T1112
  Discovery          Query Registry                  2       T1012
  Discovery          System Information Discovery    2       T1082
