General
-
Target
MT OCEAN STAR ISO 8217 2005.xlsx
-
Size
2.1MB
-
Sample
210119-rp7mkdd8an
-
MD5
6bd6d4a84316287a1d8a00c44ada93e7
-
SHA1
b9397b42c64d173bacc38c7e957fab360f455bd9
-
SHA256
1df2f31f47ad59b33ac7fe9e83c462c878b2ca8193d890e1b1b43a491155a937
-
SHA512
02731ceb426c69e581544f826e464568f50cf0ef0006c0255a7011d20d0e53932547fcc0aaddf4ff41f005d2b29d647bb6870f8b17c287055b8e14a149c05244
Static task
static1
Behavioral task
behavioral1
Sample
MT OCEAN STAR ISO 8217 2005.xlsx
Resource
win7v20201028
Behavioral task
behavioral2
Sample
MT OCEAN STAR ISO 8217 2005.xlsx
Resource
win10v20201028
Malware Config
Extracted
formbook
http://www.learnhour.net/eaud/
Targets
-
-
Target
MT OCEAN STAR ISO 8217 2005.xlsx
-
Xloader Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-