General
-
Target
NEW AGREEMRNT 18-01-2021.xlsx
-
Size
2.2MB
-
Sample
210118-cmtgdhw686
-
MD5
07d3c47f16d42558250c95880719c325
-
SHA1
effc9cbec24ef8cbbc1fd515ba1207c0a4667204
-
SHA256
95f088219d2f2c47bbf22b620719c04ede9f2befa6e7e1e80a663e257adc29d8
-
SHA512
d0cc3e03522772ca0e91e0335be281eac4ba2d241e1017030c8c85d4e2ed89054c385e0b874f07437aca873c5f0a65505c59db5d12c286901631a8d238b271da
Static task
static1
Behavioral task
behavioral1
Sample
NEW AGREEMRNT 18-01-2021.xlsx
Resource
win7v20201028
Behavioral task
behavioral2
Sample
NEW AGREEMRNT 18-01-2021.xlsx
Resource
win10v20201028
Malware Config
Extracted
formbook
http://www.rizrvd.com/bw82/
fundamentaliemef.com
gallerybrows.com
leadeligey.com
octoberx2.online
climaxnovels.com
gdsjgf.com
curateherstories.com
blacksailus.com
yjpps.com
gmobilet.com
fcoins.club
foreverlive2027.com
healthyfifties.com
wmarquezy.com
housebulb.com
thebabyfriendly.com
primajayaintiperkasa.com
learnplaychess.com
chrisbubser.digital
xn--avenr-wsa.com
exlineinsurance.com
thrivezi.com
tuvandadayvitos24h.online
illfingers.com
usmedicarenow.com
pandabutik.com
engageautism.info
magnabeautystyle.com
texasdryroof.com
woodlandpizzahartford.com
dameadamea.com
sedaskincare.com
ruaysatu99.com
mybestaide.com
nikolaichan.com
mrcabinetkitchenandbath.com
ondemandbarbering.com
activagebenefits.net
srcsvcs.com
cbrealvitalize.com
ismaelworks.com
medkomp.online
ninasangtani.com
h2oturkiye.com
kolamart.com
acdfr.com
twistedtailgatesweeps1.com
ramjamdee.com
thedancehalo.com
joeisono.com
glasshouseroadtrip.com
okcpp.com
riggsfarmfenceservices.com
mgg360.com
xn--oi2b190cymc.com
ctfocbdwholesale.com
openspiers.com
rumblingrambles.com
thepoetrictedstudio.com
magiclabs.media
wellnesssensation.com
lakegastonautoparts.com
dealsonwheeeles.com
semenboostplus.com
Targets
-
-
Target
NEW AGREEMRNT 18-01-2021.xlsx
-
Size
2.2MB
-
MD5
07d3c47f16d42558250c95880719c325
-
SHA1
effc9cbec24ef8cbbc1fd515ba1207c0a4667204
-
SHA256
95f088219d2f2c47bbf22b620719c04ede9f2befa6e7e1e80a663e257adc29d8
-
SHA512
d0cc3e03522772ca0e91e0335be281eac4ba2d241e1017030c8c85d4e2ed89054c385e0b874f07437aca873c5f0a65505c59db5d12c286901631a8d238b271da
-
Xloader Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-