General

Target: d801e424_by_Libranalysis
Size: 10KB
Sample: 210430-ajq724n2xx
MD5: d801e4244d30d948a98f68d37abbaed3
SHA1: 0f82739fc9522c5b06f591df09755f98316fc7e4
SHA256: 5e918aec8ebdbc9ca2fd81f3685740d087332635e9c78cbd3616c482469054d0
SHA512: 187059596d5842fbf2db9ccc435964c554ffcf72b557815f39eed18ab5c37cab372e11cddae4b074744b9b97fca8e1325fb9d479330ee6a38923f14c74ef56d4
Static task: static1

Behavioral task: behavioral1
Sample: d801e424_by_Libranalysis.doc
Resource: win7v20210408

Behavioral task: behavioral2
Sample: d801e424_by_Libranalysis.doc
Resource: win10v20210410
Malware Config

Extracted: https://cutt.ly/abfROoi

Extracted: xloader
Version: 2.3
C2: http://www.gailrichardson.com/qjnt/
Targets

Target: d801e424_by_Libranalysis
Signatures

- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext