General
Target: invoice.xlsx
Size: 2.2MB
Sample: 210408-5nr7dtc2ns
MD5: a36c4741d6a05389b3a23ff5e5201930
SHA1: aacc6bd68a6b27041ac35148de613dae5423c8a3
SHA256: 21f857a7997892d8c9a725f447b9b7be3ce2451a177fb6286da2deb8853208d9
SHA512: 71434a45fb41026a4e4c339f1f4daabc1fbf0fe8cc7c434da49bf5a2fc87584b8396dd51fed15e54d8ee0a9e6febbedd003cd377493610576d79e85429ce7d6a
Static task
static1

Behavioral task
behavioral1
Sample: invoice.xlsx
Resource: win7v20201028

Behavioral task
behavioral2
Sample: invoice.xlsx
Resource: win10v20201028
Malware Config
Extracted
Family: xloader
Version: 2.3
C2: http://www.emergencylocksmithsolutions.com/bei3/
Decoy domains:
cananevrensigorta.com
nyayayacho.com
delta8america.com
info-age.gmbh
magetu.info
illuqon.com
bohathome.com
kellydalva.com
hinkro.com
danlanproproductions.com
skkcabed.com
masnaoto.com
sourcelibre.net
www-1360666.com
ninekimchis.com
sgxzds.com
laysflavorsicons.com
vinkle.net
anazaczarowana.com
verneil.com
moxa-pro.com
chuckkie.com
ree-construction.com
valhallavets.com
familiarealtygroup.com
bavaria-cie.com
weightlossz.net
competitionlawsarvada.legal
samegameparlays.com
sandhillspursuit.com
all-playbet.net
nyiftsuppliersday.com
carrme.com
jinggongyuan.com
nixsit.com
macropools.com
chocolatesbrasilcacau.club
sgfwholesale.net
mybodtonheart.com
raganslandscapingllc.com
fvtnywveba.club
busybeecreates.com
chapterproductions.com
creativesupporters.com
336ac.com
socialmediahomegym.com
lngboiler.com
sirdesmonddesilvaqc.com
imangine.com
daroudi.com
xrpipeline.com
zhongziciliso.com
axelrodglobal.com
warrior.green
serpempirejel.club
nattyvell.com
sy928.com
forttrek.com
travelwithlowbudget.com
arpsmaths.info
essensedesigns.events
prosperfortuna.com
thesingaporeanabroad.com
shopwithdrive.com
Targets
Target: invoice.xlsx
Signatures:
Xloader Payload
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext