General

Target: Shipping Documents.xlsx
Size: 2.2MB
Sample: 210408-lmjy842bg6
MD5: ab599dc3956c9e72ad6187bca6d7d783
SHA1: c06939ab8436da2f3c37d0cece53837960943d19
SHA256: ce11e96fe93545cd9d381c440d7e172eebfe7c0e177c6485216313b144c415a3
SHA512: a28926991314329da86c8e76caeb0793c1f495733fdd5d61347eba55e0e65cdea3a9a02c23d0f912c86429228ab0eef9e010f8cd64dfbccacd5bc7f234d86cb2
Static task: static1

Behavioral task: behavioral1
Sample: Shipping Documents.xlsx
Resource: win7v20201028

Behavioral task: behavioral2
Sample: Shipping Documents.xlsx
Resource: win10v20201028
Malware Config

Extracted: xloader 2.3
- http://www.autotrafficbot.com/evpn/
- memoriesmade-l.com
- babypowah.com
- usinggroovefunnels.com
- qapjv.com
- kp031.com
- kinfet.com
- markmalls.com
- keithforemandesigns.com
- fydia.com
- jesussaysalllivesmatter.com
- sarachavesportela.com
- standerup.com
- monthlywifi.com
- productsoffholland.com
- newbieadvice.com
- globalnetworkautomation.com
- theholisticbirthco.com
- physicalrobot.com
- thesouthernhomesellers.com
- teamcounteract.com
- icomplementi.com
- jsmsheetmetal.com
- jcernadas.com
- del-tekzen.com
- alekseeva-center.info
- arunkapur.com
- gregismyrealestateagent.com
- soalfintech.com
- notrecondourbania.com
- alum2alum.network
- gototaku.com
- moneymakeideas.com
- dbdcontractlngllc.com
- tor-one.com
- walgreenlitigation.com
- votestephaniezarb.com
- washathome.club
- zhuledao.com
- sonyjewls.com
- oncologyacademe.com
- kuppers.info
- cgpizza.net
- glgshopbd.com
- dodson4tulare.com
- mishtifarmers.com
- a1-2c.com
- oligan-gs.com
- countrysidehomeinvestors.com
- bpro.swiss
- fodiyo.com
- playelementsgame.com
- melhorquesantander.com
- jamessicilia.com
- abundancewithmelissaharvey.com
- vatandoost.com
- curiosityisthecurebook.com
- o8y8.com
- de-knutselkeet.com
- advisorsonecall.com
- homerangeopen.com
- brusselsdesignproject.com
- 0449888.com
- psychicsjaneholden.com
- b-sphere.com
Targets

Target: Shipping Documents.xlsx (size and hashes as listed under General above)
Signatures:
- Xloader Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext