General
-
Target
Arrival notice.xlsx
-
Size
1.9MB
-
Sample
210112-p7phg75b2e
-
MD5
f0a75c4a537ebc9c4e863bacad75c09c
-
SHA1
87d689d047a88d3bdece0af9b5c5f07477f79e85
-
SHA256
a3758c397e0cd8a41ae947ad432af74b3509c10882104e605cf95ef95c85e0be
-
SHA512
255e051876cc920882748ecbef946ada53fe7d4f614eff4acb5a7cf92fe6cc05b1014de05d49c0f812519fa2093373cbbd65c98b26bd40cfa92bb9dea5a56efc
Static task
static1
Behavioral task
behavioral1
Sample
Arrival notice.xlsx
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Arrival notice.xlsx
Resource
win10v20201028
Malware Config
Extracted
formbook
http://www.classifoods.com/oean/
keboate.club
whitehatiq.com
loimtech.com
icaroagencia.com
snigglez.com
noreservationsxpress.com
villacascabel.com
5037adairway.com
growingequity.fund
stafffully.com
bingent.info
tmssaleguarantee.com
neonatalfeedrates.com
george-beauty.com
oraghallaighjourney.net
zunutrition.com
sylkysmooveentertainment.com
ddmns6tzey2d.com
dvcstay.com
304shaughnessygreen.info
ourbestbutes.com
taob345.com
fadhilaaqiqah.com
freshmarketfood.com
digitalcreativeclass.com
bitcoin-devnotes.com
rentapalla.com
ethiopianjulary.com
skillsknit.com
circleoflifeco-op.com
esteemquantum.life
indiashiksha.com
yqhbcapzy.icu
goldcrownusa.com
cinefil-i.com
pickmeagift.com
biomig.net
actusdumoment.com
theglobalfeedback.com
skindetailing.com
simplifiedvirtualsolutions.com
ggss081746bcd.xyz
spreadaccounts.com
kapiscart.com
fuyigranuletion.com
doxinlabs.com
piemontelaw.net
kstamerica.com
tueddur.com
opmania36.com
cartooninhindi4all.com
chefericcatering.com
tenshounoyu.com
over64.com
kerifletcherrock.com
ruidongcctv.com
ceejing.com
dailyxe.online
ubiquitus1.com
binggraesantorini.com
eggsmission.com
revolutionarydisciples.com
eatrestmoverepeat.co.uk
kyleknievil.com
Targets
-
-
Target
Arrival notice.xlsx
-
Size
1.9MB
-
MD5
f0a75c4a537ebc9c4e863bacad75c09c
-
SHA1
87d689d047a88d3bdece0af9b5c5f07477f79e85
-
SHA256
a3758c397e0cd8a41ae947ad432af74b3509c10882104e605cf95ef95c85e0be
-
SHA512
255e051876cc920882748ecbef946ada53fe7d4f614eff4acb5a7cf92fe6cc05b1014de05d49c0f812519fa2093373cbbd65c98b26bd40cfa92bb9dea5a56efc
-
Xloader Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-