General
Target: new order.xlsx
Size: 1.4MB
Sample: 210114-g7frk6x4jx
MD5: 6f72ba8da386566b04b4101c84087037
SHA1: 8609e0eab98f629be62c8467cf89cb07e3273639
SHA256: cc37109e31ff6ed6792d0f9201d3a5169a51dabae5d40806195344a8f3c8ac1f
SHA512: 8bbf675fc7cda860305c1bf491fcc2a8f456653b4bdc9d06961d1a7b5dbd429674b31715b0ebc4e03c3244587b406cc2504e024312b7b8c70470a26b41508e4d
Static task: static1
Behavioral task: behavioral1
Sample: new order.xlsx
Resource: win7v20201028
Behavioral task: behavioral2
Sample: new order.xlsx
Resource: win10v20201028
Malware Config
Extracted
formbook
http://www.h-v-biz.com/c8so/
Targets
Target: new order.xlsx
Xloader Payload
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext