General
-
Target
Payment Advice.xlsx
-
Size
2.1MB
-
Sample
210114-nyjhlb6l8a
-
MD5
ad384e8c8855bc77a4e28d48fe1ceda1
-
SHA1
2f5811ece35653b1385604d1c98c7571e664674d
-
SHA256
f11ea6a7155be75272d56249aaacd080aa834c25bc672cff5f88e1fcf7617b2c
-
SHA512
353536fbaec562b2e989d243529791cdb37dc65b9fa66605599d6ac1ca95fe0bd844f11ba0e9942711f3738e4d55efda10348ec8e1eb2506aae0e556e7f12aee
Static task
static1
Behavioral task
behavioral1
Sample
Payment Advice.xlsx
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Payment Advice.xlsx
Resource
win10v20201028
Malware Config
Extracted
formbook
http://www.learnhour.net/eaud/
modshiro.com
mademarketingoss.com
austinjourls.info
wayupteam.com
crossingfinger.com
interseptors.com
gigashit.com
livetigo.com
halamankuningindonesia.com
windhammills.com
aylinahmet.com
mbacexonan.website
shopboxbarcelona.com
youyeslive.com
coonlinesportsbooks.com
guorunme.com
putlocker2.site
pencueaidnetwork.com
likevector.com
vulcanudachi-proclub.com
bestcollegelms.online
bosman-smm.online
maglex.info
tolentinestore.com
layaliskincare.com
pensionbackup.com
mettyapp.com
sun-microsoft.com
cheapcialisffx.com
egio.digital
syndicatesportspicks.com
pinnacle.international
realestatejewel.com
dajiankang.love
acaijunglegroup.com
youraircases.com
cdxxcenter.com
ndblife.com
mersinsimsek.com
modernofficeaccessories.com
opioidfactswalgreens.com
yesmywigs.com
lebaronfuneraire.com
missfoxie.com
minbarlibya.com
themalaysialife.com
glz-cc.com
go892.com
eriesbestcaterer.com
geraldreed.com
casinocerto.com
beambitioussummit.com
rfs.company
juliandehaas.com
enooga.com
sulpher.network
toords.com
breaking-news4u.com
erkdigitalmarketing.com
blazorstore.com
weoneqa.com
coalitionsentiment.win
atoidejuger.com
cumbiamba.com
Targets
-
-
Target
Payment Advice.xlsx
-
Size
2.1MB
-
MD5
ad384e8c8855bc77a4e28d48fe1ceda1
-
SHA1
2f5811ece35653b1385604d1c98c7571e664674d
-
SHA256
f11ea6a7155be75272d56249aaacd080aa834c25bc672cff5f88e1fcf7617b2c
-
SHA512
353536fbaec562b2e989d243529791cdb37dc65b9fa66605599d6ac1ca95fe0bd844f11ba0e9942711f3738e4d55efda10348ec8e1eb2506aae0e556e7f12aee
-
Xloader Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-