General
Target: PRC-20-518 ORIGINAL.xlsx
Size: 2.3MB
Sample: 210408-phxx1axlqx
MD5: c80ada6775e717cdd47af7b4fda60728
SHA1: c6e714a491490359f48fbb35fba4b0ec00e60d5a
SHA256: ef838475e670d8af60da44f03fb314461f97070e67bade2b89e52e6e59c4054a
SHA512: e3042a0b487c210a1d68d653b65131a22bcf5dbcb75fe41d6b2399cc1a829befa8c28e2843903947b92018bde5593468dd0fac810e1cd0f686d2d22a58b9fc8e
Static task: static1
Behavioral task: behavioral1
Sample: PRC-20-518 ORIGINAL.xlsx
Resource: win7v20201028
Behavioral task: behavioral2
Sample: PRC-20-518 ORIGINAL.xlsx
Resource: win10v20201028
Malware Config
Extracted
Family: xloader
Version: 2.3
http://www.frontierglasseastaurora.com/g050/
threephotonics.com
ancientalgorithms.com
macroissance.com
baldhousemusic.com
intotechsolutions.com
mitklassik.com
mybadnews.com
westport-quayside.com
hospitalscales.net
automatedplatforms.com
simplepartyplanningcourse.com
zuluforest.com
jflindsey.com
xamap.club
businesslaunchbox.net
higashiyamajin.xyz
solutionsolvegh.com
vtolvertiportservices.com
customroofunderlayment.com
conflictcyber.com
demooijtransport.com
sageconceptscatering.com
trongrand.com
etiquality.net
kuppers.info
derevafood.com
doxaconstructora.com
bespago.com
santamonicaseafooddock.com
rtstsllc.com
yaopingtu.com
xingchenjc.com
2greatoaksroad.com
youyescap.com
techyara.com
puptrimmerpro.com
freakyskull.com
riseandgrindbb.com
chitrakaah.com
sofritia.com
gosunnydale.com
7evy0.com
aschaillestt.com
l7zexitam.xyz
redefirolli.xyz
myuhc4me.com
recruitina.com
iopco.com
comerciaras.com
ice-tracker.com
amorgoliakos.com
halalnoidasdahome.online
kenlibowsandaccessories.com
camgirladdiction.com
chronicleofheroes.com
aoneindiatour.com
getcheckedeasy.com
mrehawaii.com
2020collateralmonitoring.com
familyfinancial.online
leptitoxus.club
grupornps.com
straightaheadflixfilms.com
webumu.com
Targets
Target: PRC-20-518 ORIGINAL.xlsx
Size: 2.3MB
MD5: c80ada6775e717cdd47af7b4fda60728
SHA1: c6e714a491490359f48fbb35fba4b0ec00e60d5a
SHA256: ef838475e670d8af60da44f03fb314461f97070e67bade2b89e52e6e59c4054a
SHA512: e3042a0b487c210a1d68d653b65131a22bcf5dbcb75fe41d6b2399cc1a829befa8c28e2843903947b92018bde5593468dd0fac810e1cd0f686d2d22a58b9fc8e
- Xloader Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext