General
-
Target
Arrival notice.xlsx
-
Size
1.4MB
-
Sample
210113-fxe44eeqqa
-
MD5
75048d6eb28c8c180ed6adbb7b97e045
-
SHA1
7d86a5a15b22f53edb166d96edc87526256e167e
-
SHA256
912c691be61c217574cd5f37c83dda7eaf696427bc278e29e257f4e55e95a4c5
-
SHA512
b535e75c95ebfeb473158175c7443960cd0440cb4576ebaf3a330efe6b5cbf11d1421d17e3db68d3643344d827fdf0f4366dad9434c0f1b4f71ad9600038df04
Static task
static1
Behavioral task
behavioral1
Sample
Arrival notice.xlsx
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Arrival notice.xlsx
Resource
win10v20201028
Malware Config
Extracted
formbook
http://www.classifoods.com/oean/
keboate.club
whitehatiq.com
loimtech.com
icaroagencia.com
snigglez.com
noreservationsxpress.com
villacascabel.com
5037adairway.com
growingequity.fund
stafffully.com
bingent.info
tmssaleguarantee.com
neonatalfeedrates.com
george-beauty.com
oraghallaighjourney.net
zunutrition.com
sylkysmooveentertainment.com
ddmns6tzey2d.com
dvcstay.com
304shaughnessygreen.info
ourbestbutes.com
taob345.com
fadhilaaqiqah.com
freshmarketfood.com
digitalcreativeclass.com
bitcoin-devnotes.com
rentapalla.com
ethiopianjulary.com
skillsknit.com
circleoflifeco-op.com
esteemquantum.life
indiashiksha.com
yqhbcapzy.icu
goldcrownusa.com
cinefil-i.com
pickmeagift.com
biomig.net
actusdumoment.com
theglobalfeedback.com
skindetailing.com
simplifiedvirtualsolutions.com
ggss081746bcd.xyz
spreadaccounts.com
kapiscart.com
fuyigranuletion.com
doxinlabs.com
piemontelaw.net
kstamerica.com
tueddur.com
opmania36.com
cartooninhindi4all.com
chefericcatering.com
tenshounoyu.com
over64.com
kerifletcherrock.com
ruidongcctv.com
ceejing.com
dailyxe.online
ubiquitus1.com
binggraesantorini.com
eggsmission.com
revolutionarydisciples.com
eatrestmoverepeat.co.uk
kyleknievil.com
Targets
-
-
Target
Arrival notice.xlsx
-
Size
1.4MB
-
MD5
75048d6eb28c8c180ed6adbb7b97e045
-
SHA1
7d86a5a15b22f53edb166d96edc87526256e167e
-
SHA256
912c691be61c217574cd5f37c83dda7eaf696427bc278e29e257f4e55e95a4c5
-
SHA512
b535e75c95ebfeb473158175c7443960cd0440cb4576ebaf3a330efe6b5cbf11d1421d17e3db68d3643344d827fdf0f4366dad9434c0f1b4f71ad9600038df04
-
Xloader Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-