General
Target: Machine Specifications.xlsm
Size: 148KB
Sample: 210309-3mjgem93ya
MD5: 9ce6349baf1276836ea9764233aa09ae
SHA1: 0d5349b1e57866a0111d6ec731d21e9cf151a6dd
SHA256: bdad87cc1c4683be3d1a173ac533eb8322ab725e055535c3288b33ac64373ea6
SHA512: b88b6946764199c0c33a02fb02a35d96dea5c30ad01d70b0afdbacd5bae7198ef9ee5722b35cba562daae7ac6c813358082f6fd4c85ee2c2e66b7d6452c29618
Static task: static1
Behavioral task: behavioral1
  Sample: Machine Specifications.xlsm
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Machine Specifications.xlsm
  Resource: win10v20201028
Malware Config
Extracted: http://transfer.sh/get/D8sXG/text.exe
Extracted: xloader
Targets
Score: 10/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Xloader Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext