General
-
Target
arrival_notice.xlsx
-
Size
2.4MB
-
Sample
210118-y9bqz579zx
-
MD5
7391442ae2a0d3ae6df6f7552f73b753
-
SHA1
b7b24c1de89b767235b20c0574bd3fccea7a3061
-
SHA256
f535ff7416a31c3f067b61aea08aab08006eaf2dd790dcfc89c05a1f6343f17b
-
SHA512
aed9b9610a3b14ea2e393ebab73e7f6f9af1aaa9e8264496f0efdc39680a7ca2f7482e926544a12075be20e1de7fb56107f2215004c041e1ea03e61ef1958205
Static task
static1
Behavioral task
behavioral1
Sample
arrival_notice.xlsx
Resource
win7v20201028
Behavioral task
behavioral2
Sample
arrival_notice.xlsx
Resource
win10v20201028
Malware Config
Extracted
formbook
http://www.inreachpt.com/gqx2/
calusaptamiami.com
starlinkwebservices.com
lakeviewbarbershonola.com
oaklandraidersjerseyspop.com
ohiotechreport.com
eligetucafetera.com
tu4343.com
abstract-elearning.com
thebabylashes.com
athleteshive.com
fanninhomesforless.com
sembracna.com
servicesyn.com
bellairechoice.com
tmpaas.com
eyepaa.com
stickerzblvd.com
rentfs.com
nadya-shanab.com
microwgreens.net
overnaut.net
edwinstowingservices.com
bonus189.space
xn--wgbp0b73b.com
trijjadigital.com
libraspeed.com
theofficialtoluwani.com
podborauto.pro
qyhualin.com
prayerswithmary.com
donboscohistorycorner.com
enlightenedsoil.com
osteopathegagny.com
lookingglassland.com
maglex.info
foxandgraceboutique.com
yourinfluencecoach.com
com-cancel-payment-id655.com
ppspiaggio.com
dbsadv.com
teamworkdash.com
washington-election-2020.info
creativehighagency.com
artisthenewmeditation.com
qsgasia.com
unseen-vision.com
beepybox.online
shaffglowing.com
teacher-retirement-info.info
muabandatdonganh.com
shuhan.design
5200853.com
shengmixiaoji.net
spiderofthesea.com
scionoflewisville.com
tpcvirtual.com
zhjiaxiang.com
thefanexam.com
kimscraftyresale.com
housvest.com
bukmyhotel.com
lacaverne.ovh
investorspredict.com
quicklogosireland.com
Targets
-
-
Target
arrival_notice.xlsx
-
Size
2.4MB
-
MD5
7391442ae2a0d3ae6df6f7552f73b753
-
SHA1
b7b24c1de89b767235b20c0574bd3fccea7a3061
-
SHA256
f535ff7416a31c3f067b61aea08aab08006eaf2dd790dcfc89c05a1f6343f17b
-
SHA512
aed9b9610a3b14ea2e393ebab73e7f6f9af1aaa9e8264496f0efdc39680a7ca2f7482e926544a12075be20e1de7fb56107f2215004c041e1ea03e61ef1958205
-
Xloader Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-