General
Target: Quotation Zhejiang.xlsx
Size: 2.5MB
Sample: 210408-twsk5x81kx
MD5: a783de23277908ff94909e76e010e774
SHA1: 1439eb6b441bbe2723cb05829011a9fd415caafb
SHA256: 0d5ed941ed1f15a168cdd5be0abc6b9a0806ae42c267f7eb5ca35f5697fdf346
SHA512: 7d31e27c69bad458c21bd8775970645c0b257b2e8e0e592b1b40bd79725544d98643ae96d51a4322dcc88f749522d245ac9821238b8421c63a3a7715ef7bac85
Static task: static1
Behavioral task: behavioral1 (Sample: Quotation Zhejiang.xlsx; Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: Quotation Zhejiang.xlsx; Resource: win10v20201028)
Malware Config
Extracted: xloader (version 2.3)
C2: http://www.stone-master.info/aqu2/
Decoy domains (contacted by the sample alongside the C2 using the same URI path; many are legitimate or parked sites, so treat them as hunting indicators rather than a hard blocklist):
thesixteenthround.net
nagoyadoori.xyz
bipv.company
imaginus-posters.com
heliumhubs.com
baohood.com
thesahwfam.com
susanlevinedesign.com
pdxcontracttracer.com
shopathamiltons.com
qcmax.com
didongthongminh.store
igotbacon.com
5915599.com
seacrestonsietakey.com
bumiflowers.com
arcax.info
lfhis.com
mlqconsultores.com
duilian2013.com
pmrack.com
zayo.today
latiina.space
fitandfierceathletics.com
printerpartsuk.com
xn--2021-kmd.com
shujahumayun.com
younitygroup.com
serinelab.com
infinapisoft.com
administrativoinform.photos
all4mortuary.com
annaschenck.xyz
christlicheliebe.net
starr2021.com
familierafting-aktiviteter.com
thunderoffroadresort.com
mex33.info
serversexposed.com
chronicbodypaintherapy.com
billionaireblinggg.com
permanentmarkertattoo.com
albestfab.com
biehnrecords.com
yesonmeasurec.vote
bootstrapexpress.com
howtopreventwaterpollution.com
fatlosszone4u.com
hostvngiare.com
dottproject.com
appgusher.com
playfulpainters.com
gab.expert
18598853855.com
bizcebozca.com
bedpee.com
militaryhistorytv.com
teluguc.net
420vaca.com
ritarkomondal.com
autobrehna.com
happlyending.com
arcticblastairheat.com
urbanladder.info
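The report above is a flattened key/value dump, which is awkward to feed into a SIEM or IDS by hand. The script below is an added example, not tooling from the sandbox vendor or from the malware author: it parses a constructed excerpt of this page (the hashes plus the first few config lines, copied verbatim and truncated), validates the digests, expands the config into the URL set the sample would actually contact, and emits Suricata DNS alert rules. It assumes the page's layout (key line, value line, "-" separators), that decoy domains are reached as plain `http://<domain><path>` with the C2's path, and uses a placeholder SID range; the `Extracted` block order (family, version, URLs, domains) is taken from the page.

```python
"""Parse the flattened sandbox report above into machine-usable indicators.

Added example, not tooling from the sandbox vendor or the malware author. It
embeds a constructed excerpt of the report text (the hashes plus the first
lines of the extracted config) and assumes the page's layout: a key line
followed by its value line, with "-" separator lines in between.
"""
import hashlib
import json
import re
from urllib.parse import urlparse

# Constructed excerpt: values copied from the report above, truncated to a
# few decoy domains so the example stays short.
REPORT = """General
-
Target
Quotation Zhejiang.xlsx
-
Size
2.5MB
-
MD5
a783de23277908ff94909e76e010e774
-
SHA256
0d5ed941ed1f15a168cdd5be0abc6b9a0806ae42c267f7eb5ca35f5697fdf346
Malware Config
Extracted
xloader
2.3
http://www.stone-master.info/aqu2/
thesixteenthround.net
nagoyadoori.xyz
bipv.company
Targets
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]+\.)+[a-z0-9-]{2,}$", re.I)


def is_valid_hash(algo, value):
    """True if value is a lowercase hex digest of the right length for algo."""
    n = HASH_LEN.get(algo)
    return n is not None and re.fullmatch(r"[0-9a-f]{%d}" % n, value) is not None


def parse_report(text):
    """Walk the key/value lines; pull hashes and the extracted config."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    out = {"hashes": {}, "family": None, "version": None, "c2": [], "domains": []}
    i = 0
    while i < len(lines):
        key = lines[i]
        if key in HASH_LEN and i + 1 < len(lines):
            value = lines[i + 1].lower()
            if not is_valid_hash(key, value):
                raise ValueError(f"{key} is not a {HASH_LEN[key]}-char hex digest: {value}")
            out["hashes"][key] = value
            i += 2
        elif key == "Extracted" and i + 2 < len(lines):
            # Layout seen on the page: family, version, then URLs and domains
            out["family"], out["version"] = lines[i + 1], lines[i + 2]
            i += 3
            while i < len(lines) and lines[i] != "Targets":
                item = lines[i]
                if item.startswith(("http://", "https://")):
                    out["c2"].append(item)
                elif DOMAIN_RE.match(item):
                    out["domains"].append(item.lower())
                else:
                    raise ValueError(f"unexpected config line: {item}")
                i += 1
        else:
            i += 1
    return out


def candidate_urls(c2_urls, domains):
    """Xloader/Formbook beacons to decoy domains with the same URI path as the
    live C2, so indicators built from the C2 URL alone miss that traffic.
    Assumption (hypothetical form): decoys are reached as http://<domain><path>."""
    urls = list(c2_urls)
    for url in c2_urls:
        path = urlparse(url).path or "/"
        urls.extend(f"http://{d}{path}" for d in domains)
    return urls


def suricata_dns_rules(domains, sid_base=9000000):
    """One DNS-query alert per domain. sid_base is a placeholder range."""
    return [
        f'alert dns any any -> any any (msg:"xloader config domain {d}"; '
        f'dns.query; content:"{d}"; nocase; endswith; sid:{sid_base + n}; rev:1;)'
        for n, d in enumerate(sorted(set(domains)))
    ]


def file_matches(path, hashes):
    """Check a file on disk against the report's digests (unknown algos skipped)."""
    digests = {"MD5": hashlib.md5(), "SHA1": hashlib.sha1(),
               "SHA256": hashlib.sha256(), "SHA512": hashlib.sha512()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in digests.values():
                h.update(chunk)
    return all(digests[a].hexdigest() == v for a, v in hashes.items() if a in digests)


if __name__ == "__main__":
    cfg = parse_report(REPORT)
    print(json.dumps(cfg, indent=2))
    print("\n".join(candidate_urls(cfg["c2"], cfg["domains"])))
    print("\n".join(suricata_dns_rules(cfg["domains"])))
```

Run it against the full page text (paste the whole Malware Config block into `REPORT`) to get all 64 domains; `file_matches("Quotation Zhejiang.xlsx", cfg["hashes"])` confirms a file you have on hand is the same sample before you spend time on it.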
Targets
Target: Quotation Zhejiang.xlsx
Size: 2.5MB
Signatures:
- Xloader Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext