General

Target: 12.docx
Size: 10KB
Sample: 210420-7ygmy1v9da
MD5: 82e1fb826c9e003297b9fd6a6a6ccc47
SHA1: c3e9cbec88cf6cce927af482bb909d33caee6693
SHA256: a151fff315abbea8d1eab7c0ceec119f6617d8963cedf50a7f5490019f39d491
SHA512: 5be153ba0885b56336292faa636ea7ce2bf4d1fc2d18099c617c8284354206f821117890f8843678087a0840b4cd5c407dfc66107a376a39b4c7e8be8656c67a

Static task: static1

Behavioral task: behavioral1
Sample: 12.docx
Resource: win7v20210410

Behavioral task: behavioral2
Sample: 12.docx
Resource: win10v20210408
Malware Config

Extracted
URL: http://23.95.122.25/.-...............................................................................................-/........dot

Extracted
Family: xloader
Version: 2.3
URLs/domains:
http://www.batiktintaemas.com/goei/
bet365o2.com
gulf-landlord.info
foodsystemsjusticeproject.com
ronwongart.com
fwgkdhg.icu
armanrugservice.com
mapadequito.com
vbkulkarni.com
ltsbinge.com
creativem2.com
mindflexlab.com
ushealthvisa.com
247carkeyslondon.com
addthat.xyz
zanzan8.com
legendsalliance.net
shopflyonline.com
csgo-roll.net
reutbergcapital.com
mediaworkhouse.com
office-tourism-tirana.com
evecrude.xyz
sportwillwin.com
cluskmusk.com
her2mymeme.com
rsw3313.com
digitalmarketingmoves.com
seaworldminecraft.com
onlinecollegetherapy.com
ourmonaca.com
generalflix.com
limonproduce.com
casalomasymphonyorchestra.com
karyapertama.com
massaponaxhighschool.com
covidtracksb.com
breathharbour.net
italianrealestateagents.com
xn--ga-c9a.com
libreo.club
leverhump.store
kevinrsamuels.network
pimpmyrecipe.com
win-back.online
kelasipo.com
caross-china.com
ly-iot.com
nolimitsynthetics.net
epicfriend.club
19come.com
lcjzjt.com
lxpvccard.com
distributorfocuson.com
looneytunesrun.com
mariebiernacki.com
maquinaclub.com
randalldavisauthor.com
niggeruprising.com
theexpatweightcoach.com
mex33.info
imbravura.com
baldosasanjose.com
akindousa.com
ourmunera.net
Targets

Target: 12.docx
Size: 10KB
MD5, SHA1, SHA256, SHA512: as listed under General

Signatures
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
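The signature "Abuses OpenXML format to download file from external location" fires when a relationship inside the .docx package carries TargetMode="External", so Word fetches the target from a URL when the file is opened. In Word the carrier most often seen is the attachedTemplate relationship in word/_rels/settings.xml.rels (remote template injection), which pulls a .dot/.dotm template; the extracted URL ending in .dot is consistent with that, but the report does not state which relationship this sample uses, so treat that as an assumption. The scanner below is an added example, not code from the sandbox or from the report: it opens a .docx as a zip, parses every .rels part, and lists external relationships, flagging the types that make Word load content. The function names, the RISKY_TYPES classification and the example.invalid URLs are this example's own choices, and the document it scans is constructed in memory, not the real sample.

```python
"""Find OOXML relationships that make Word fetch content from a URL.

Added example (not the sandbox's code). Scans a constructed .docx,
not the sample from the report; the template URL is a placeholder.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OD_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"

# Relationship types that cause Word to download and load the target.
# This type -> label mapping is the example's own classification (assumption).
RISKY_TYPES = {
    "attachedTemplate": "remote template (template injection)",
    "oleObject": "external OLE object",
}


def external_relationships(data: bytes):
    """Return every TargetMode="External" relationship in the package.

    Each finding: part (the .rels file), rel_type (last path component
    of the relationship Type), target (the URL) and a label.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            try:
                root = ET.fromstring(zf.read(name))
            except ET.ParseError:
                continue  # malformed part: skip rather than abort the scan
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if rel.get("TargetMode", "").lower() != "external":
                    continue
                rel_type = rel.get("Type", "").rsplit("/", 1)[-1]
                findings.append({
                    "part": name,
                    "rel_type": rel_type,
                    "target": rel.get("Target", ""),
                    "label": RISKY_TYPES.get(rel_type, "external link (e.g. hyperlink)"),
                })
    return findings


def suspicious(findings):
    """Keep only relationships whose type makes Word fetch and load content."""
    return [f for f in findings if f["rel_type"] in RISKY_TYPES]


def build_sample_docx(template_url: str) -> bytes:
    """Construct a minimal .docx whose settings part points at a remote
    template, plus an ordinary external hyperlink for contrast (test input)."""
    ct = ('<?xml version="1.0" encoding="UTF-8"?>'
          '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
          '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
          '<Default Extension="xml" ContentType="application/xml"/>'
          '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
          '<Override PartName="/word/settings.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml"/>'
          '</Types>')
    root_rels = (f'<Relationships xmlns="{REL_NS}">'
                 f'<Relationship Id="rId1" Type="{OD_REL}officeDocument" Target="word/document.xml"/>'
                 '</Relationships>')
    document = ('<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
                '<w:body><w:p/></w:body></w:document>')
    doc_rels = (f'<Relationships xmlns="{REL_NS}">'
                f'<Relationship Id="rId1" Type="{OD_REL}settings" Target="settings.xml"/>'
                f'<Relationship Id="rId2" Type="{OD_REL}hyperlink" Target="https://example.invalid/" TargetMode="External"/>'
                '</Relationships>')
    settings = ('<w:settings xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
                f'xmlns:r="{OD_REL[:-1]}"><w:attachedTemplate r:id="rId1"/></w:settings>')
    settings_rels = (f'<Relationships xmlns="{REL_NS}">'
                     f'<Relationship Id="rId1" Type="{OD_REL}attachedTemplate" '
                     f'Target="{template_url}" TargetMode="External"/>'
                     '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", ct)
        zf.writestr("_rels/.rels", root_rels)
        zf.writestr("word/document.xml", document)
        zf.writestr("word/_rels/document.xml.rels", doc_rels)
        zf.writestr("word/settings.xml", settings)
        zf.writestr("word/_rels/settings.xml.rels", settings_rels)
    return buf.getvalue()


# Placeholder URL (assumption), deliberately not the address from the report.
SAMPLE_DOCX = build_sample_docx("http://example.invalid/remote.dot")

if __name__ == "__main__":
    for f in external_relationships(SAMPLE_DOCX):
        flag = "!!" if f["rel_type"] in RISKY_TYPES else "  "
        print(f"{flag} {f['part']}: {f['rel_type']} -> {f['target']} ({f['label']})")
```

To triage a real file, replace SAMPLE_DOCX with the bytes of the document and pass them to external_relationships; a hit in a settings.xml.rels attachedTemplate relationship with an http(s) target is the template-injection pattern, while a hyperlink relationship with TargetMode="External" is ordinary and only worth noting for its URL.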