General
Target: payment-000598635.docx
Size: 10KB
Sample: 210504-2thsf3zeka
MD5: 5c73df1769f5842ee5810e849f76479c
SHA1: 72282281170957eebefe050b767e9d25b0263ca9
SHA256: 7ee841fa5f82f3b229064a75f3454d595899132f93a5d77045cd4786d03615de
SHA512: 67471217d91696acc7bd0a1245606f35ebb76df8f09dc17aaef854971df059b76abb6a8c4134ea7e7003dcdf3a3ba5657d3d645f4029e7c1bb18900adbc4e893
Static task: static1
Behavioral task: behavioral1 (sample payment-000598635.docx, resource win7v20210408)
Behavioral task: behavioral2 (sample payment-000598635.docx, resource win10v20210410)
Malware Config
Extracted: https://is.gd/2x73Dx
Extracted: xloader (version 2.3)
http://www.apluspro.online/bgnq/
customsclearingagents.com
vsemasteraokon.online
seeheresthething.com
chozamtravel.com
cjkustom.com
djeffexla.com
survivingks.com
rokascapitalmanagement.net
tekdesignlimited.com
1499parkave.com
fontanerosboadilla.com
jesusencounterminisries.com
uouhodler.com
cordstraw.com
dab50074.com
sarahleinartstore.com
inawinnebago.com
wassersportzentrum.online
giselabustamante.com
gulaturun.com
help4americanheroes.com
manuellandmann.com
togshot.com
indapolisitaiik.com
equilibriumarket.com
toucanwellness.com
piyboo.com
zoom4k.xyz
babe-boutique.com
f28smart.com
lawrencepestcontrolpros.com
yeethong.com
thewowwomen.com
priscillamaury.com
curtex.info
jennifernealtarot.com
atiqherbal.com
geraldgulley.com
jenniferlarmstrong.com
imaymei.com
electricporsche986.com
mikeahenry.com
colinscotflorals.com
01cheshi.com
hellofresh.club
infinitegrowthmarketing.com
kuryeforum.xyz
khalifehlivestock.com
biryanished.com
originallionqueen.com
tajigroup.com
instuctur.com
pennyfishdesigns.com
dulceespera.net
corporate-hero.com
sensers.club
unionbayblog.com
romaindaubord.com
kwrecruitment.com
hostingforphotographers.com
107001.com
lovelaughwine.com
simplyhealrhcareplans.com
thedoubletwelve.com
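The config block above is only useful once it is turned into indicators that can be matched against traffic. The following script is an added example, not part of the report or of the sandbox's tooling: it parses an abbreviated copy of the "Malware Config" section, emits one record per indicator, defangs them for sharing, and checks a constructed proxy/DNS log against the host set. Two points are assumptions rather than facts stated by the report: that the first http(s) URL under the xloader entry is the live C2 and the bare domains after it are decoy hosts the bot also contacts, and the log line format, which is invented for the demonstration.

```python
"""Turn the "Malware Config" block of the report into IOC records and match them.

Added example, not part of the report or of the sandbox's own tooling.
Assumptions (labelled): in the xloader entry the first http(s) URL is the live
C2 and the bare domains listed after it are decoy hosts the bot also contacts;
LOG_LINES is a constructed proxy/DNS log in an invented format.
"""
import re
from urllib.parse import urlsplit

# Abbreviated copy of the Malware Config block from the report above.
CONFIG_TEXT = """\
Malware Config
Extracted
https://is.gd/2x73Dx
Extracted
xloader
2.3
http://www.apluspro.online/bgnq/
customsclearingagents.com
vsemasteraokon.online
seeheresthething.com
"""

URL_RE = re.compile(r"^https?://", re.I)
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]+\.)+[a-z]{2,}$", re.I)
VERSION_RE = re.compile(r"^\d+(\.\d+)*$")


def parse_config(text):
    """Return a list of {"family", "version", "role", "value"} records.

    roles: download_url (bare extracted URL, here the document's download stage),
    c2 (first URL under a family entry, assumed live C2), url (further URLs),
    decoy (bare domains under a family entry, assumed decoys).
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    records, family, version, seen_c2, i = [], None, None, False, 0
    while i < len(lines):
        line = lines[i]
        if line == "Extracted":
            nxt = lines[i + 1] if i + 1 < len(lines) else ""
            if URL_RE.match(nxt):
                records.append({"family": None, "version": None,
                                "role": "download_url", "value": nxt})
                i += 2
                continue
            family, seen_c2 = nxt, False
            has_ver = i + 2 < len(lines) and VERSION_RE.match(lines[i + 2])
            version = lines[i + 2] if has_ver else None
            i += 3 if has_ver else 2
            continue
        if family and URL_RE.match(line):
            records.append({"family": family, "version": version,
                            "role": "url" if seen_c2 else "c2", "value": line})
            seen_c2 = True
        elif family and DOMAIN_RE.match(line):
            records.append({"family": family, "version": version,
                            "role": "decoy", "value": line})
        i += 1
    return records


def host_of(value):
    """Hostname of a URL, or the value itself for a bare domain (lower-cased)."""
    h = urlsplit(value).hostname if URL_RE.match(value) else value
    return (h or "").lower().rstrip(".")


def ioc_hosts(records):
    """Map host -> role for every record."""
    return {host_of(r["value"]): r["role"] for r in records}


def defang(value):
    """Render an indicator so it cannot be clicked or auto-resolved."""
    return re.sub(r"^http", "hxxp", value, flags=re.I).replace(".", "[.]")


# Constructed sample log (invented format): timestamp, client, verb, target, status.
LOG_LINES = [
    "2021-05-04T12:00:01Z 10.0.0.5 GET http://www.apluspro.online/bgnq/ 200",
    "2021-05-04T12:00:02Z 10.0.0.5 DNS seeheresthething.com A",
    "2021-05-04T12:00:03Z 10.0.0.5 GET https://update.example.com/ok 200",
]


def match_log(records, lines):
    """Return [(line_no, host, role)] for lines that mention a known IOC host."""
    known = ioc_hosts(records)
    hits = []
    for n, line in enumerate(lines, 1):
        for tok in line.split():
            h = host_of(tok)
            if h in known:
                hits.append((n, h, known[h]))
                break
    return hits


if __name__ == "__main__":
    recs = parse_config(CONFIG_TEXT)
    for r in recs:
        print(f'{r["role"]:13} {defang(r["value"])}')
    print(match_log(recs, LOG_LINES))
```

Matching on the host rather than the full URL is deliberate: XLoader's C2 path is only one of several it rotates through, and the decoy hosts are contacted with the same request shape as the real one, so a hit on any of them is worth a look even though most are legitimate sites.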
Targets
Target: payment-000598635.docx (10KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures:
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext