516816611c1bfd046dd22367461542f760a14a1fbe06422f1ca5ca9580fb120d | Triage

Sharing

General

Target

catalog-2098741452.zip
Size

50KB
Sample

210513-zdralgnzfn
MD5

adad50c0830ae66fd1d3f115e562fc8a
SHA1

8413c1822507fc317ca16b339d277fdca86277d4
SHA256

516816611c1bfd046dd22367461542f760a14a1fbe06422f1ca5ca9580fb120d
SHA512

46988cb4c078e6aedf8b262097d7b8a2eea8ef834586f0bd5f6ef3f406495ba9b67955048bb8a8bb41a32aa4020c7e8991cbe5c4120954908755df309b11d6a9

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-2098741452.xls
- Size
  
  367KB
- MD5
  
  a55a762fd05ba03e1645d621935fb342
- SHA1
  
  fec20b078a586b75e32b3cd07876e8a83422813f
- SHA256
  
  db737401e289eaad9afb22f1e7808d8facaf50d3e297f134143fae9fa28f7eba
- SHA512
  
  c924c19992d74f5079fd2a5380b0471a81702f7fedf53dee74c3e855e2df4400a845feff86f6b386cc3f63534e5de4786b1ceb7428e839526a84c54cf5fa2bc6
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2