General

Target: ecb02fbc_by_Libranalysis
Size: 10KB
Sample: 210520-gn6h1jp8d6
MD5: ecb02fbc03e5081a20ee10b35eb1efe8
SHA1: d41872cf3b63ef4b2292c3aed946e8515d2b9dda
SHA256: ff71526ee8d92ee36f36e5daa68bfc81e64a71931b2baf14b350a38d25ac5f10
SHA512: cc23a244487612e9c317e4b9d07b73e1315f25257aa60f6b9bb84bc9dbf3c4c16e59e561a0301c3dd4376a314abde733f212d43fde0c2c924e047a8b1ac65e2f

Static task: static1

Behavioral task: behavioral1
Sample: ecb02fbc_by_Libranalysis.doc
Resource: win7v20210410

Behavioral task: behavioral2
Sample: ecb02fbc_by_Libranalysis.doc
Resource: win10v20210408

Malware Config

Extracted: http://wordfiletransfertocustomer.mangospot.net/-.......................................-.........................-/...........................................wbk

Extracted: xloader
Version: 2.3
http://www.yuanyouwang.com/njhr/
Targets

Target: ecb02fbc_by_Libranalysis
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext