General
-
Target
notice of arrival.xlsx
-
Size
2.0MB
-
Sample
210119-ndravd3c2a
-
MD5
c732ea10caaebd818b01585c0b1c8b98
-
SHA1
4c8aa235401a1d6d6d42f63c23834a059fd6780c
-
SHA256
eae9c79d7cd3969dd5b6d3abeed9bd8499447998af00d48e47fed03f8172b2d9
-
SHA512
0f5bba12f9b60d927847e98c29a52041d738ddf11a852dbd054a9ea0081bd5517207818404700ac09cca20771caade5215f563559efd6eb8a1008b1087376eba
Static task
static1
Behavioral task
behavioral1
Sample
notice of arrival.xlsx
Resource
win7v20201028
Behavioral task
behavioral2
Sample
notice of arrival.xlsx
Resource
win10v20201028
Malware Config
Extracted
formbook
http://www.inreachpt.com/gqx2/
calusaptamiami.com
starlinkwebservices.com
lakeviewbarbershonola.com
oaklandraidersjerseyspop.com
ohiotechreport.com
eligetucafetera.com
tu4343.com
abstract-elearning.com
thebabylashes.com
athleteshive.com
fanninhomesforless.com
sembracna.com
servicesyn.com
bellairechoice.com
tmpaas.com
eyepaa.com
stickerzblvd.com
rentfs.com
nadya-shanab.com
microwgreens.net
overnaut.net
edwinstowingservices.com
bonus189.space
xn--wgbp0b73b.com
trijjadigital.com
libraspeed.com
theofficialtoluwani.com
podborauto.pro
qyhualin.com
prayerswithmary.com
donboscohistorycorner.com
enlightenedsoil.com
osteopathegagny.com
lookingglassland.com
maglex.info
foxandgraceboutique.com
yourinfluencecoach.com
com-cancel-payment-id655.com
ppspiaggio.com
dbsadv.com
teamworkdash.com
washington-election-2020.info
creativehighagency.com
artisthenewmeditation.com
qsgasia.com
unseen-vision.com
beepybox.online
shaffglowing.com
teacher-retirement-info.info
muabandatdonganh.com
shuhan.design
5200853.com
shengmixiaoji.net
spiderofthesea.com
scionoflewisville.com
tpcvirtual.com
zhjiaxiang.com
thefanexam.com
kimscraftyresale.com
housvest.com
bukmyhotel.com
lacaverne.ovh
investorspredict.com
quicklogosireland.com
Targets
-
-
Target
notice of arrival.xlsx
-
Size
2.0MB
-
MD5
c732ea10caaebd818b01585c0b1c8b98
-
SHA1
4c8aa235401a1d6d6d42f63c23834a059fd6780c
-
SHA256
eae9c79d7cd3969dd5b6d3abeed9bd8499447998af00d48e47fed03f8172b2d9
-
SHA512
0f5bba12f9b60d927847e98c29a52041d738ddf11a852dbd054a9ea0081bd5517207818404700ac09cca20771caade5215f563559efd6eb8a1008b1087376eba
-
Xloader Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-