General
Target: Statement of Account.xlsx
Size: 2.2MB
Sample: 210408-7lyg8bdj6x
MD5: ed576e8ae0b80c8f5310e0d6e0c7ebd9
SHA1: 20ec3e99d7ab3162929b15fe33a3e0d2aa2239f7
SHA256: 3ca5de16b0d1621f2b046b1e107f78ce5998d79120a906c045e2e606b8d8c85a
SHA512: 61d436b8893e5389287a17ba937e06c65de2bf47f2e42cf813cdc53ff2bf6f118ac47b8086544037bceb8a922a7f461e57aa4b8710f6e9299237b9f4899131c1
Static task: static1
Behavioral task: behavioral1
  Sample: Statement of Account.xlsx
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Statement of Account.xlsx
  Resource: win10v20201028
Malware Config
Extracted: xloader 2.3
http://www.okitmall.com/iu4d/
Targets
Target: Statement of Account.xlsx
- Xloader Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext