General
Target: invoice.xlsx
Size: 1.4MB
Sample: 210113-z9yvpqedyx
MD5: f797660bb4a8d43cf75e570e59ffd6a1
SHA1: 830d68b065521d15f014677aa80acc4fc4098360
SHA256: 8c4ecf908b97c808d8cc843ecd6c32928d3402b348b897b46629c2a96351ac39
SHA512: c7fdd95ec3e672ecd312d63f75876c6142676a054c594d0dcddb0c1b56c677f9f10338133ef8e38a38ea64bca2c51aa812080e2be0c70070fdb6efb0f3d794b9
Static task: static1
Behavioral task: behavioral1
  Sample: invoice.xlsx
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: invoice.xlsx
  Resource: win10v20201028
Malware Config
Extracted
formbook
http://www.h-v-biz.com/c8so/
Targets
Target: invoice.xlsx
- Xloader Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext