General
- Target: evaluation quote.docx
- Size: 10KB
- Sample: 210420-gelmm8395e
- MD5: bd609da0d3cc74098b2e771b8fce0915
- SHA1: b7058fe67f5f769995f77294975a4d8688ffa1e0
- SHA256: 67d398e11b6229ba7fd8895f73dc96ff99fd50a2f6c7360938e0a4eb748a18e8
- SHA512: 82ecf121b3f89055c633640e99ce62a09c9eab01588c79653b36347259d13a37883f46913b8a43b70ccc8753cf5255e02b4f546e22f2d93718e82007949fe1db
Static task: static1
Behavioral task: behavioral1 (Sample: evaluation quote.docx; Resource: win7v20210410)
Behavioral task: behavioral2 (Sample: evaluation quote.docx; Resource: win10v20210410)
Malware Config
Extracted
- http://23.95.122.25/-..-/......dot
Extracted
- xloader 2.3
- http://www.nyclgbxyi.icu/u6nq/
lamailefr.com
creativesword.com
mpconnextions.com
tureture-diary.net
ateamtotalcare.com
ihealthsauna.com
contex33.xyz
hotege.club
candiceco.com
southerntwistent.com
foivgohl.com
azetheelynn.art
galsmith.com
alphaquantumfunds.site
mursiony.club
ajobfit.com
resourceunits.com
metropolitanez.net
shaohuizq.com
tedbagsstore.com
hvygcj.com
anthonyfry.com
drinkjoisi.com
webgomo.com
k12paymemtcenter.com
pal-photo.net
gzlcwl.com
robertbunisrealestate.com
visitaswede.com
budo.team
goodreality1.com
kenkelconsulting.com
niuzaiapp.com
bookjoegandelman.com
deluzultravioleta.com
achievecake.com
bluehensolutions.com
findthesmartphone.com
205southsignalstojai.com
risk-neutralport.com
moongoodies.com
elevatedeventcatering.com
nubiaurquizopeluqueria.com
j2ztvwx5dz.club
csnturkiye.com
unsoldauctionproperties.com
sharkorderusa.com
apexmaintenancegroup.com
nakedlies.net
allthe-things.com
yourfaithinluck.com
seniorflying.com
downy.sucks
yocontramismostros.com
ine.expert
rockfirenola.com
vssop.xyz
xn--3bss1rzz1apulk7k.com
hearts2give.com
littlecreatorz.com
ericthelefty.com
setosahealth.com
legalopinion.guru
farneasy.com
Targets
- Target: evaluation quote.docx
- Size: 10KB
- MD5: bd609da0d3cc74098b2e771b8fce0915
- SHA1: b7058fe67f5f769995f77294975a4d8688ffa1e0
- SHA256: 67d398e11b6229ba7fd8895f73dc96ff99fd50a2f6c7360938e0a4eb748a18e8
- SHA512: 82ecf121b3f89055c633640e99ce62a09c9eab01588c79653b36347259d13a37883f46913b8a43b70ccc8753cf5255e02b4f546e22f2d93718e82007949fe1db
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext