General
Target: PRICE REQUEST 40 ft container x2.xlsx
Size: 1.2MB
Sample: 210819-djxvmcyjpa
MD5: bc610c62b55edcf3c04507c4d9e01f56
SHA1: d9760cee2dba67707928d561dac1e3368fbeefce
SHA256: ea96d3bfb39964e7456574dece180d7c22476e97eed8c77f8600c9244d1270f5
SHA512: cce745f67d861375f834f0308c3581ec5860888a176de3ce27dbcfda57108a4908576fd713c84db4e9aca4e01c86367743c7b3926a3692c821023131ea9e1a8c
Static task: static1
Behavioral task: behavioral1
Sample: PRICE REQUEST 40 ft container x2.xlsx
Resource: win7v20210410
Behavioral task: behavioral2
Sample: PRICE REQUEST 40 ft container x2.xlsx
Resource: win10v20210410
Malware Config
Extracted
xloader
2.3
n8ba
http://www.narrowpathwc.com/n8ba/
Targets
Target: PRICE REQUEST 40 ft container x2.xlsx
Xloader Payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext