General
Target: _MVOCEANGLORY_Inquiry.xlsx
Size: 1.7MB
Sample: 210118-bfmwh5jkrj
MD5: 92484ad004022b18f529dc8420117aee
SHA1: 2b614a1f275f6fff2fa6ff2362e343a8f7af3b07
SHA256: 8a59252c90714f9b4221ca33dfe39baa66254a69f7d074aae1994f58c55da736
SHA512: 7703a2d1bc91178a45bad9a3fe4e4ac9fb14fb8b8f3e7fa2b448ac8e3b428000b29b220a85f567e53a1d0173e7cf1f658381b5be7ce19d47599d9fce54622d1b
Static task: static1
Behavioral task: behavioral1
Sample: _MVOCEANGLORY_Inquiry.xlsx
Resource: win7v20201028
Behavioral task: behavioral2
Sample: _MVOCEANGLORY_Inquiry.xlsx
Resource: win10v20201028
Malware Config
Extracted: formbook
C2: http://www.kaiyuansu.pro/incn/
Domains:
1bovvfk93jd.com
enlightenedhealthcoaching.com
findthatsmartphone.com
intelligentsystemsus.com
xn--lmsealamientos-tnb.com
eot0luh5ia.men
babanewshop.com
beyond-bit.com
meritane.com
buythinsecret.com
c2ornot.com
twelvesband.com
rktlends.com
bourseandish.com
happyshop88.com
topangacanyonvintage.com
epersonalloansonline.com
roofers-anaheim.com
shanghaiys.net
bickel.wtf
macetitasdecorativas.com
maisonscoeurdepivoine.com
milano1980.com
thetealworld.com
khocam.com
electrofranco.com
biduoccotruyen.xyz
marcagrafika.com
goodgrabber.com
sentire.design
180wea.com
pnwfireextinguishers.com
paulborneo.com
potlucks.net
sdyqxx.com
pjy589.com
lovetovisit.info
vaultedslabs.com
mirrorimpact.net
americanmarketedge.com
therandstadride.com
yamadaya-online.com
stardust-cafe.com
sk375.com
abipisan.com
thesalesforceradi.computer
ronaldmorrisdc.com
thetreasurebook.com
personalruncoach.com
quba6.com
uoawrlhwg.icu
cathygass.com
tribesy.net
nishagile.com
aworldthroughhereyes.com
adeptroofmaintenance.com
jacketgraffiti.com
deeprigelphoto.com
qth.xyz
pontacols.com
sunflour-bakehouse.com
forevermesmerizedcomplexion.com
maglex.info
somright.com
Targets
Target: _MVOCEANGLORY_Inquiry.xlsx
Size: 1.7MB
MD5: 92484ad004022b18f529dc8420117aee
SHA1: 2b614a1f275f6fff2fa6ff2362e343a8f7af3b07
SHA256: 8a59252c90714f9b4221ca33dfe39baa66254a69f7d074aae1994f58c55da736
SHA512: 7703a2d1bc91178a45bad9a3fe4e4ac9fb14fb8b8f3e7fa2b448ac8e3b428000b29b220a85f567e53a1d0173e7cf1f658381b5be7ce19d47599d9fce54622d1b
Signatures:
- Xloader Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext