General
Target: payment detail.xlsx
Size: 1.3MB
Sample: 210722-yfsg2y6dca
MD5: 6eb0b98b71b47226880cf66454012b21
SHA1: 775fa55b338f7409f5f505e1e453177f02a5014c
SHA256: 712a54a86587b69b9520604ddc0f1257298b086cc96b526b5ee9e18a4daddb6d
SHA512: 2f099c80afd0aa95fb904f556a34a50996d05c631b6e7f8ed45458d9ae6fa794e7d1e27b3e05130a4402a0ef47988ec1c27f9ca74804c34ca17bf9f5a6167481
Static task: static1
Behavioral task: behavioral1 (Sample: payment detail.xlsx; Resource: win7v20210410)
Behavioral task: behavioral2 (Sample: payment detail.xlsx; Resource: win10v20210408)
Malware Config
Extracted: xloader 2.3
URL: http://www.tjbc-bearing.com/u6bi/
Targets
Target: payment detail.xlsx (1.3MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext