General
-
Target
PO 24000109490.xlsx
-
Size
2.0MB
-
Sample
210111-7e9mxpnmma
-
MD5
6379ce1baf8d921aaae608b2dd8906c6
-
SHA1
ce09f77a95714d7a44f2ad55c64a7c60ac2ada3a
-
SHA256
25aa6bd2dcdf1aa19a84a16daf35ddecf15f62cbfb76a4e6d06735abed15dd7d
-
SHA512
efc3710a2fec71e1b553233585fa266b952aab1d83f12c681b05bff4b9f744f5ae58ee15b1ac97abdb849da823e155c611e14ee98888928cb3c361c1f65a9662
Static task
static1
Behavioral task
behavioral1
Sample
PO 24000109490.xlsx
Resource
win7v20201028
Behavioral task
behavioral2
Sample
PO 24000109490.xlsx
Resource
win10v20201028
Malware Config
Extracted
formbook
http://www.bodyfuelrtd.com/8rg4/
fakecostasunglasses.com
twinbrothers.pizza
jizhoujsp.com
qscrit.com
hotelmanise.com
fer-ua.online
europserver-simcloud.systems
redwap2.pro
betwalkoffame.com
latashalovemillionaire.com
8million-lr.com
tomatrader.com
modaluxcutabovefitness.com
shishijiazu.com
cckytx.com
reversehomeloansmiami.com
imaginenationnetwork.com
thecyclistshop.com
jorgegiljewelry.com
hlaprotiens.com
biblecourt.com
puzelhome.com
musicbychristina.com
iregentos.info
ephwehemeral.com
qubeeva.com
healingwithkarlee.com
giftasmile2day.com
ondesign03.net
argusproductionsus.com
tootleshook.com
sukien-freefire12.com
windmaske.com
futbolclubbarcelona.soccer
veteransc60.com
steambackpacktrade.info
zingnation.com
myfoodworldcup.com
playitaintso.net
crafteest.com
deutschekorrosionsschutz.net
streamcommunitty.com
gatehess.com
hechoenvegas.net
4037a.com
santanabeautycares.com
100feetpics.com
johnsroadantiques.com
improve-climbing.com
18shuwu.net
amazon-support-recovery.com
vibrarecovery.com
deskdonors.info
triagggroup.com
probysweden.com
helloinward.com
vvardown.com
kicksends.com
alwayadopt.com
modernappsllc.com
itswooby.com
med.vegas
chadwestconsulting.com
africanosworld.com
Targets
-
-
Target
PO 24000109490.xlsx
-
Size
2.0MB
-
MD5
6379ce1baf8d921aaae608b2dd8906c6
-
SHA1
ce09f77a95714d7a44f2ad55c64a7c60ac2ada3a
-
SHA256
25aa6bd2dcdf1aa19a84a16daf35ddecf15f62cbfb76a4e6d06735abed15dd7d
-
SHA512
efc3710a2fec71e1b553233585fa266b952aab1d83f12c681b05bff4b9f744f5ae58ee15b1ac97abdb849da823e155c611e14ee98888928cb3c361c1f65a9662
-
Xloader Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-