General

Target: new order 18190001.xlsx
Size: 1.2MB
Sample: 210819-l311t4zpbx
MD5: 727cef81cf0948f6d8ed9a1308cf4ff0
SHA1: 4f7c6fa08eba471217c7775f55e6d258cddbe2aa
SHA256: 7a1e447f7534a388da24abdb7187757d8db1402edc08b3d74bb763cd0a18f86e
SHA512: 5882592d9a29d6fba033dd9bbbb58779e31250f007dc742b5a17b150434767395bb397fac765a2f62b935443578243490069bd2b450d353c1191972f55772a72
Static task: static1

Behavioral task: behavioral1
  Sample: new order 18190001.xlsx
  Resource: win7v20210410

Behavioral task: behavioral2
  Sample: new order 18190001.xlsx
  Resource: win10v20210410
Malware Config

Extracted
  Family: xloader
  Version: 2.3
  Campaign: ahdu
  C2: http://www.casinoregio.com/ahdu/
  Decoy domains:
    premiumfreebie.com
    spintheblackestcircles.com
    okaidoku-shop.net
    zonaseguradregistropremios.com
    wzocflfow.com
    maanyah.com
    warrioredjuan.com
    uniquelypizza.com
    wondertreehr.com
    ddriiverzautozs.com
    mattenterline.com
    urenium.com
    salonjedibreakthrough.com
    imgkurd.com
    pierrejacqueslyon.com
    quimicasurandina.com
    jkpfukgmt.icu
    ansariclinic.com
    ashleysema.design
    arkadiafoliage.com
    fhstzy.com
    beautyandherocean.com
    hgw234.com
    whiteclawdogseltzer.com
    montecitobeaches.com
    weixinseo.xyz
    javpanel.com
    mayonnaiseplant.com
    shooternetsports.com
    withagecny.com
    northernloss.com
    theshedscharityshop.com
    mi-darulaman.com
    sezginotel.com
    dreamcricketpro.com
    mail-globo-com-webmails.com
    seucorpofit.com
    konversiondigital.com
    nirvavacenter.com
    communicateforfreedom.com
    maxwellgroupphyscians.com
    ltcy4.com
    find-my-kids.com
    gromov-plc.com
    premiercovidscreening.com
    telemedde.com
    ifapt.com
    getopalace.com
    ralsendo.com
    weinsurebars.com
    bainrix.com
    precisionprobusiness.com
    therussellpinto.com
    resepindonesia.space
    obluedotpanobuy.com
    vrev.net
    source824.xyz
    betsunmacougold.com
    mabtas.com
    mazcommunity.com
    blockchainwallet.solutions
    valentineennett.xyz
    dolcevazquez.com
    institutobalcarceolavarria.com
Targets

Target: new order 18190001.xlsx (1.2MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
  Signatures:
    Xloader Payload
    Blocklisted process makes network request
    Downloads MZ/PE file
    Executes dropped EXE
    Loads dropped DLL
    Uses the VBS compiler for execution
    Suspicious use of SetThreadContext