General
Target: Payment Advice.xlsx
Size: 1.3MB
Sample: 210507-28ydes2wy2
MD5: 27a4ea6ad33b8e1e3cb9ea0e262dbfc6
SHA1: 55a9703dee40f97782f054c6433e181e196e1ae4
SHA256: 2b17837e2710c60fa874be6b28a89c8cdae41b004e85fcef8c0782b3cd1216a5
SHA512: 3937b5f3b37554c26e7314a50eeb76cbdc386e6404fa86b3beac8c26eb2cf81a49c82f4874c9723055c2ca15f0a6119878959422b5e39b71736d76eba90a0765
Static task: static1
Behavioral task: behavioral1
Sample: Payment Advice.xlsx
Resource: win7v20210410
Behavioral task: behavioral2
Sample: Payment Advice.xlsx
Resource: win10v20210410
Malware Config
Extracted: xloader 2.3
http://www.zlzntiayc.icu/a6ru/
Targets
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext