General
Target: Finalised With Changes.docx
Size: 10KB
Sample: 210615-8sl29valc6
MD5: 6c09cfa2a148680caa675b37cc908d92
SHA1: e56e4c7405c2debb2f8e4f572e5ac50bb5999f3b
SHA256: 012cca592dca94980a85020ffbddc96dd1bafc547d577d58f853d39e3c20d125
SHA512: cd8af3833888cb612d902716afc27aecbb6cc97c9cee0ae6eae18bda78571e573c90a77bd22524022fc851166b0cbb7015971c9f17d4dcd6c7047559625060b9
Static task: static1
Behavioral task: behavioral1
  Sample: Finalised With Changes.docx
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: Finalised With Changes.docx
  Resource: win10v20210408
Malware Config
Extracted: https://dummy_username@itsssl.com/uUWXb
Extracted: xloader 2.3
http://www.etnttcil.com/usur/
purpopup.com
mrswarrenspodcast.com
blinbins.com
parahomeoffice.com
20next.com
quiala.com
newccosecurity.net
throughthehagstone.com
hnxslawfirm.com
sztoium.icu
fullembodiedwoman.com
sankara-yoga.com
foottrafficcollective.com
acruxvacations.com
jadeena.com
neurotypicalspouse.com
onlyinwallkill.com
laurenkilbane.com
thebendavonte.com
regencydevelopmentstoronto.com
txkjsf.com
plasticmouldtools.com
trumphatersfortrump.com
nflkidz.com
reversemortgageloansmiami.com
thestockforums.com
hairessentialtips.com
rockwoodregent.com
flymonsters.com
harmonizedoffices.net
legacythemusic.com
dogsplaypalace.com
thescentedlifeco.com
alqzd.life
pandemiccraftee.com
tapoutclan.com
uoulogarinknowa.com
exploregodchurch.com
greenlinebg.com
lancheraiz.com
easonmarketingllc.com
titlecollective.net
wwwssphealth.com
towardsqa.com
sumarealcon.com
y-signs.com
wonderland.one
massapequapublicschools.com
costadelmarmexicangrill.com
frogtarget.net
lowendtherapy.com
empservicesfl.com
sumbadriftresort.com
martijnvanderlinden.media
ponexmedia.com
steezx.com
designmaveriuk.com
oumeijs.com
thechroniclesanonymous.com
tigasaki.com
meteormates.com
renoaleworx.com
familie-repenning.com
assept.com
Targets
Target: Finalised With Changes.docx
Size: 10KB
MD5: 6c09cfa2a148680caa675b37cc908d92
SHA1: e56e4c7405c2debb2f8e4f572e5ac50bb5999f3b
SHA256: 012cca592dca94980a85020ffbddc96dd1bafc547d577d58f853d39e3c20d125
SHA512: cd8af3833888cb612d902716afc27aecbb6cc97c9cee0ae6eae18bda78571e573c90a77bd22524022fc851166b0cbb7015971c9f17d4dcd6c7047559625060b9
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext