General
Target: W029621.xls
Size: 342KB
Sample: 210420-g4p997k5qj
MD5: dcb68156748e6c71ef5df8d9dddb3ff6
SHA1: ffee33ce2a6b4523a5f7323ca00a7347b1dc986a
SHA256: 7da573f1004e4bb9c6979a6ccca45da8998deaa92dd1e318d128ff4888212536
SHA512: eb24bd095799613417aaf3b0d8344af0cfce01d9700379e5e3ed7b8eff3f0d5abd3606866704a871aa0e2469b84ca24ce2416a590711329695ed0e700276186e
Tasks
Static task: static1
Behavioral task: behavioral1 (sample W029621.xls, resource win7v20210410)
Behavioral task: behavioral2 (sample W029621.xls, resource win10v20210410)
Malware Config
Extracted family: xloader
Version: 2.3
C2 URL: http://www.preciousvessel.com/spj6/
Domains (64 entries): Xloader, like FormBook before it, embeds a list of decoy domains alongside the real C2 and beacons to them with the same URI path, so a single domain hit from this list is a weaker indicator than a hit on the C2 host plus the /spj6/ path.
kdelchev.com
myriamward.com
megaconsulting.pro
sunglassesmu.com
hispanavisionct.com
bodaciousbuffy.com
chuhuu.com
jerexcursion.com
merkabahindustries.com
shaktiroommontreal.com
violet-moon-interior-design.com
pyrosunited.com
89xs.xyz
bestchatonline.com
cubiscoin.com
ianzu.com
playersresearch.com
digitalvl.com
baans-barw.com
yuria-rain.com
littletonautoparts.com
maxstratosband.com
landmarkshoes.com
windhowls.com
boonbang.com
ladylacewig.com
football-highlights.online
ampbetting.com
zuerich-orthopaedics.com
divorcequiz.com
idahooutsiders.com
adindia.online
arsenismiaris.com
cougarjack.net
dtbjx.com
streetfoodaroundtheglobe.com
laosredwood.net
northparkcampground.com
fundacjacd.com
3thaiph.com
devavara.com
artworldmag.com
filans.xyz
kuppers.info
abogusz.art
vesivietnam.com
ourforms.net
qmglg.com
unhackabledream.com
inesatwall.info
my-watch-strap.com
nedafarm.com
myonlinesericing.com
shopjrock.com
altac.pro
hodongfarm.com
alienmisttree.net
miamipopcello.com
normiecat.com
beautybar.sucks
myandroidhead.com
edevlet-giris-hizmetler.com
mamamiafoodies.com
pandagsm.com
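The config block above is most useful once it is turned into something a hunt can consume. The following Python is an added example, not part of the sandbox report or of any extractor: it parses the block in the layout shown here (family, version, C2 URL, then bare domains), builds a host-matching set that includes the C2 host, and scans proxy log lines for hosts on that set, flagging requests that also reuse the C2 path. The config text is trimmed to a few of the 64 entries and the log lines are constructed; the log format (timestamp, client IP, method, URL) is an assumption.

```python
"""Turn an extracted Xloader config into hunting IOCs and run them over proxy logs.

Added example, not the report's own tooling. Assumes the report's layout
(family, version, C2 URL, then one bare domain per line) and a constructed
proxy log format: "<timestamp> <client_ip> <method> <url>".
"""
import re
from urllib.parse import urlsplit

# Config text as it appears in the report, trimmed to a handful of the
# 64 decoy entries; the parser treats the full list the same way.
CONFIG_TEXT = """xloader
2.3
http://www.preciousvessel.com/spj6/
kdelchev.com
myriamward.com
megaconsulting.pro
89xs.xyz
beautybar.sucks
edevlet-giris-hizmetler.com
"""

# Constructed proxy log lines (not from the sandbox run).
LOG_LINES = [
    "2021-04-20T10:01:22Z 10.0.0.5 GET http://www.preciousvessel.com/spj6/?id=1",
    "2021-04-20T10:01:25Z 10.0.0.5 POST http://www.kdelchev.com/spj6/",
    "2021-04-20T10:01:26Z 10.0.0.5 GET http://cdn.example.org/lib.js",
    "2021-04-20T10:01:30Z 10.0.0.9 GET http://megaconsulting.pro/spj6/",
    "2021-04-20T10:02:00Z 10.0.0.9 GET http://notkdelchev.com/",  # must not match
]

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")


def parse_config(text):
    """Parse the report's config block into a dict of IOCs."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    family, version, c2 = lines[0], lines[1], lines[2]
    parts = urlsplit(c2)
    c2_host = parts.hostname  # already lowercased by urlsplit
    # Registrable form of the C2 host so subdomain matching covers both.
    bare = c2_host[4:] if c2_host.startswith("www.") else c2_host
    domains = {d.lower().rstrip(".") for d in lines[3:]}
    return {
        "family": family,
        "version": version,
        "c2": c2,
        "c2_path": parts.path,
        "domains": domains,
        "hosts": domains | {c2_host, bare},
    }


def host_matches(host, domains):
    """Return the IOC domain that host equals or is a subdomain of, else None."""
    host = host.lower().rstrip(".")
    # Longest entries first so the most specific IOC is reported.
    for d in sorted(domains, key=len, reverse=True):
        if host == d or host.endswith("." + d):
            return d
    return None


def hunt(log_lines, cfg):
    """Scan log lines; return one hit dict per request to an IOC host."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than crash the sweep
        ts, src, method, url = m.groups()
        parts = urlsplit(url)
        if not parts.hostname:
            continue
        matched = host_matches(parts.hostname, cfg["hosts"])
        if matched is None:
            continue
        hits.append({
            "ts": ts,
            "src": src,
            "method": method,
            "host": parts.hostname,
            "matched": matched,
            # Path reuse across decoys is the stronger signal for this family.
            "same_path": parts.path == cfg["c2_path"],
        })
    return hits


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    for h in hunt(LOG_LINES, cfg):
        print(h)
```

Feed `hunt()` the full 64-entry list and real proxy exports; sort hits by `src` to see which clients beaconed to several list members with the same path, which is the pattern that separates an infected host from a coincidental visit to one decoy domain.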
Targets
Target: W029621.xls (342KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Signatures:
- Xloader Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (persistence via the CurrentVersion\Run registry key)
- Drops file in System32 directory
- Suspicious use of SetThreadContext (consistent with process hollowing or thread-context injection)