General
-
Target
VM ASIAN CHAMPION.xlsx
-
Size
1.8MB
-
Sample
210115-q3t9dyrr8e
-
MD5
fa54fb8f1e2cb91097b66edc81c16764
-
SHA1
249aee08a090bb6c57816dce20ca968fc1a7c8d6
-
SHA256
cafc9b500bdf7058b0d77f43d5aad253eb30347d483bc9b7a507f66503d04934
-
SHA512
d08b1ed7cd1c3f57ccf89b87e8c37d8a9c4c2b81d6af9865ee05dea30c64dcecb540c34b49f2d4ccf5291a5a56431a4a4e3faf13cde251768e722e5b876e4cbd
Static task
static1
Behavioral task
behavioral1
Sample
VM ASIAN CHAMPION.xlsx
Resource
win7v20201028
Behavioral task
behavioral2
Sample
VM ASIAN CHAMPION.xlsx
Resource
win10v20201028
Malware Config
Extracted
formbook
http://www.thejusticeadvantageseminars.com/qccq/
Targets
-
-
Target
VM ASIAN CHAMPION.xlsx
-
Xloader Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-