General
Target: Products.xlsx
Size: 446KB
Sample: 210408-jmydycrh8x
MD5: aae56ba84519c7b28bba6f8240f2d169
SHA1: a90d2dcf16df76c5db19d2c48cb7148b4b675d75
SHA256: 73b3fa9d738ba7f1e520e06b4760b77d9b044a3f5e96c9e13227255875e43bfa
SHA512: 114b77853961ff46c52af2d38f4216f570aa5bab1b65d7b973db3725d1cebe9a68fead9e31ac54df2b41d2d3681c12886d09708481a82b1bfc13b52fc1c3395c
Static task: static1
Behavioral task: behavioral1 (sample Products.xlsx, resource win7v20201028)
Behavioral task: behavioral2 (sample Products.xlsx, resource win10v20201028)
Malware Config
Extracted
Family: xloader
Version: 2.3
URL: http://www.paintersdistrictcouncil.com/vu9b/
Domains:
longdoggy.net
gylvs.com
evonnemccray.com
nicemoneymaker.com
baby-schutzen.com
xgahovzm.icu
psdcompany.com
makeupjunkiewholesale.com
vz357.com
carshownet.com
forneyus.com
nfoptic.com
lampacosmetiques.com
newmandu.com
localupdate.net
theartofmajur1.com
bancosecurity.website
cabinhealthy.com
tiprent.com
lloydwellsandassociates.com
cekaventure.com
nahomredda.com
transitionmonster.com
apiquet.com
covidbizdisaster.com
darrelbrodkemd.com
sproutsocialleads.com
curtex.info
wsilhavy.net
regaltire.net
sellbulkweed.com
trumedenroll.com
pone2.com
jedinomad.net
sleekandshinebeauty.com
sango-style.com
bjshuangtai.net
shopasadesigns.com
siloamtree.com
happilyeverhughes.net
hayalpresst.com
wfdrc.icu
astronumerolan.com
pvplearing.net
moyoujf.com
bestwishesforyou.online
3erkala.xyz
calificatucasa.com
cuple.info
k-acad.com
iesco.net
investmentresourcesaz.com
4018398.com
cbluedotpanowdbuy.com
lllll0.com
plainsteelforsale.com
abarrotesflorita.com
tunemovie.website
dfendglobal.com
drvincewoodonline.com
support-applela.com
unclejoeandkamala2020.com
frrin.com
pennsylvaniapot.com
Targets
Target: Products.xlsx
Signatures:
- Xloader Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext