General
-
Target
RFQ ORDER LIST.xlsx
-
Size
2.4MB
-
Sample
210119-k2h4g31lrs
-
MD5
7046895bf66247768d0ea01820e10bd7
-
SHA1
6a8dd66b8cb3a4abff011d80c2ce92cae5376a76
-
SHA256
04565d469f7088f9fb122dd3b42274a84bdc1650156a815420381ef770e4373e
-
SHA512
9ee04cae283b8f5edc7cfd14afe82f62266db71c8a1d8ce131b90b1832b17f02ba624caac95e1148b6b5265dcbd76e3130d90c238152adae5efb435ad49010a2
Static task
static1
Behavioral task
behavioral1
Sample
RFQ ORDER LIST.xlsx
Resource
win7v20201028
Behavioral task
behavioral2
Sample
RFQ ORDER LIST.xlsx
Resource
win10v20201028
Malware Config
Extracted
formbook
http://www.hitchhikerfab.com/qjnt/
Targets
-
-
Target
RFQ ORDER LIST.xlsx
-
Xloader Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-