General
Target: PAYMENTADVICE.xlsx
Size: 2.3MB
Sample: 210226-tfp4hg4kh2
MD5: 6a665d2ebffb301cd53b051cf04337b3
SHA1: 74b35d94beacfe37f41cc6891e7ddc96a442c0bd
SHA256: 08a0ab3c46df8c30ed29ab0ab4d5cc733c421cbff42490788a34f5aba13bb37b
SHA512: 8b19d0ffa2315b8ff74eece86ab92bc417523867291589700cf086f6a3aa0199e119fcd55a04d05e007a15bdfaceeeab6a31c1906d7bd8ca37c50fdcaea6ecae

Static task: static1

Behavioral task: behavioral1
Sample: PAYMENTADVICE.xlsx
Resource: win7v20201028

Behavioral task: behavioral2
Sample: PAYMENTADVICE.xlsx
Resource: win10v20201028
Malware Config
Extracted: formbook
http://www.torontotel.com/4qdc/
Targets
Target: PAYMENTADVICE.xlsx
- Xloader Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext