General
Target: VM ASIAN CHAMPION.xlsx
Size: 2.3MB
Sample: 210114-ne6cwkr7wj
MD5: 70e08fe3de511ea1c49386b235f29787
SHA1: 9f2bd146123e5f51b40300146c0151b11c84e7b2
SHA256: 19400ad90a61f870637312b6f21305829b608cdde97e80904df1adb07793c733
SHA512: 8994961b3d40af1b416cfb48bb403d87df36e132730020cdee48ffdcad378ab94480c14189c68458ec56aa194dcfcb4fd62b77d48da723bb72ceb0db4410b512
Static task: static1
Behavioral task: behavioral1
Sample: VM ASIAN CHAMPION.xlsx
Resource: win7v20201028
Behavioral task: behavioral2
Sample: VM ASIAN CHAMPION.xlsx
Resource: win10v20201028
Malware Config
Extracted: formbook
Targets
Target: VM ASIAN CHAMPION.xlsx
- Xloader Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext