General
Target: DHL Shipping doc & Shipment tracking details.docx
Size: 10KB
Sample: 210408-9h7wsybb7e
MD5: 30909a9932c77fb923a96b1b090b4806
SHA1: 2bbe988290a47de63763796db6a39de0e268a5cf
SHA256: 23e650ad3f02ea9f4a402bf5e719d745b7c307c34fd8915045c79d51aab48741
SHA512: 3a42c4e4384bed6fe50d3ac3cc02d65108b315ae899abea355792d2f1063be415d80aa1786bac9053a5b7a5f622491fcc5e53cb8c222c252a430b9af0c034836
Static task: static1
Behavioral task: behavioral1 (Sample: DHL Shipping doc & Shipment tracking details.docx, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: DHL Shipping doc & Shipment tracking details.docx, Resource: win10v20201028)
Malware Config
Extracted: http://23.95.122.24/..-.-.-.-.-.-.-.-.-.-.-._---------_-------_-------....-.-/................................................................................dot
Extracted (xloader 2.3): http://www.scott-re.online/nnmd/
Targets
Target: DHL Shipping doc & Shipment tracking details.docx
- Xloader Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext