General
-
Target
RFQ_ V-21-Kiel-050-D02.xlsx
-
Size
2.3MB
-
Sample
210408-kjh2ggfb5a
-
MD5
051054b344afd533b44a9ba0fccfb513
-
SHA1
49b9e0447b933f40359f4794669c9f4d6b91b3f0
-
SHA256
5d8e95dcf9a291d1a3fe76875eac502899147aa4f86715c5db2fbbe8354ac262
-
SHA512
6598a3647b3e7aa8e3515c68eabdb2d84c3500e2df84be2f0fd37a2d83c7cb6f6d1d38fa9f9e6353b7034f271bce307e9f9042b3eab464f4d31737bf85c5ce63
Static task
static1
Behavioral task
behavioral1
Sample
RFQ_ V-21-Kiel-050-D02.xlsx
Resource
win7v20201028
Behavioral task
behavioral2
Sample
RFQ_ V-21-Kiel-050-D02.xlsx
Resource
win10v20201028
Malware Config
Extracted
xloader
2.3
http://www.856380692.xyz/nsag/
usopencoverage.com
5bo5j.com
deliveryourvote.com
bestbuycarpethd.com
worldsourcecloud.com
glowtheblog.com
translations.tools
ithacapella.com
machinerysubway.com
aashlokhospitals.com
athara-kiano.com
anabittencourt.com
hakimkhawatmi.com
fashionwatchesstore.com
krishnagiri.info
tencenttexts.com
kodairo.com
ouitum.club
robertbeauford.net
polling.asia
evoslancete.com
4676sabalkey.com
chechadskeitaro.com
babyhopeful.com
11376.xyz
oryanomer.com
jyxxfy.com
scanourworld.com
thevistadrinksco.com
meow-cafe.com
xfixpros.com
botaniquecouture.com
bkhlep.xyz
mauriciozarate.com
icepolo.com
siyezim.com
myfeezinc.com
nooshone.com
wholesalerbargains.com
winabeel.com
frankfrango.com
patientsbooking.info
ineedahealer.com
thefamilyorchard.net
clericallyco.com
overseaexpert.com
bukaino.net
womens-secrets.love
skinjunkie.site
dccheavydutydiv.net
explorerthecity.com
droneserviceshouston.com
creationsbyjamie.com
profirma-nachfolge.com
oasisbracelet.com
maurobenetti.com
mecs.club
mistressofherdivinity.com
vooronsland.com
navia.world
commagx4.info
caresring.com
yourstrivingforexcellence.com
alpinevalleytimeshares.com
Targets
-
-
Target
RFQ_ V-21-Kiel-050-D02.xlsx
-
Size
2.3MB
-
MD5
051054b344afd533b44a9ba0fccfb513
-
SHA1
49b9e0447b933f40359f4794669c9f4d6b91b3f0
-
SHA256
5d8e95dcf9a291d1a3fe76875eac502899147aa4f86715c5db2fbbe8354ac262
-
SHA512
6598a3647b3e7aa8e3515c68eabdb2d84c3500e2df84be2f0fd37a2d83c7cb6f6d1d38fa9f9e6353b7034f271bce307e9f9042b3eab464f4d31737bf85c5ce63
-
Xloader Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-