General
-
Target
inquiry10204168.xlsx
-
Size
2.4MB
-
Sample
210305-h1dkceqq4n
-
MD5
d21391378bff7acab49dfce8761978f1
-
SHA1
c4a02857537b6b300f7ad279a6fe5660a473bda2
-
SHA256
0944f78b8f2bd0e3a08c56793f90cc82ac064789018cf04a2fde5476055d1214
-
SHA512
b2d7100141d27f01f3bf369a41b143350f94d01cb923995edd028d0c148e6b97660164f8d9b610cecde22d28db1dccc979f5942adc3bbd65f3d41e5396c08edb
Static task
static1
Behavioral task
behavioral1
Sample
inquiry10204168.xlsx
Resource
win7v20201028
Behavioral task
behavioral2
Sample
inquiry10204168.xlsx
Resource
win10v20201028
Malware Config
Extracted
xloader
http://www.856380692.xyz/nsag/
usopencoverage.com
5bo5j.com
deliveryourvote.com
bestbuycarpethd.com
worldsourcecloud.com
glowtheblog.com
translations.tools
ithacapella.com
machinerysubway.com
aashlokhospitals.com
athara-kiano.com
anabittencourt.com
hakimkhawatmi.com
fashionwatchesstore.com
krishnagiri.info
tencenttexts.com
kodairo.com
ouitum.club
robertbeauford.net
polling.asia
evoslancete.com
4676sabalkey.com
chechadskeitaro.com
babyhopeful.com
11376.xyz
oryanomer.com
jyxxfy.com
scanourworld.com
thevistadrinksco.com
meow-cafe.com
xfixpros.com
botaniquecouture.com
bkhlep.xyz
mauriciozarate.com
icepolo.com
siyezim.com
myfeezinc.com
nooshone.com
wholesalerbargains.com
winabeel.com
frankfrango.com
patientsbooking.info
ineedahealer.com
thefamilyorchard.net
clericallyco.com
overseaexpert.com
bukaino.net
womens-secrets.love
skinjunkie.site
dccheavydutydiv.net
explorerthecity.com
droneserviceshouston.com
creationsbyjamie.com
profirma-nachfolge.com
oasisbracelet.com
maurobenetti.com
mecs.club
mistressofherdivinity.com
vooronsland.com
navia.world
commagx4.info
caresring.com
yourstrivingforexcellence.com
alpinevalleytimeshares.com
Targets
-
-
Target
inquiry10204168.xlsx
-
Size
2.4MB
-
MD5
d21391378bff7acab49dfce8761978f1
-
SHA1
c4a02857537b6b300f7ad279a6fe5660a473bda2
-
SHA256
0944f78b8f2bd0e3a08c56793f90cc82ac064789018cf04a2fde5476055d1214
-
SHA512
b2d7100141d27f01f3bf369a41b143350f94d01cb923995edd028d0c148e6b97660164f8d9b610cecde22d28db1dccc979f5942adc3bbd65f3d41e5396c08edb
-
Xloader Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-