General
-
Target
PayeeAdvice_IN10163_Q0158315_41720.xlsx
-
Size
1.2MB
-
Sample
210820-2t1a4x9zzn
-
MD5
556ed2559ab158f47739dc1426dbb77b
-
SHA1
cb10bbb7a621ec6b33ff9a9594b109bf6d6abe29
-
SHA256
a95a1c04fce6b30cf856d6702e46cc99a74079c6c79575ffb6c2015f707ec9bf
-
SHA512
bed578373e6ec96a8f184f1e1379ec53868ab77dd35b13bafd627c3220b4a89939315876837254a49f59e5138e1da142bead7242f87ac134291a29eedb86ca81
Static task
static1
Behavioral task
behavioral1
Sample
PayeeAdvice_IN10163_Q0158315_41720.xlsx
Resource
win7v20210408
Behavioral task
behavioral2
Sample
PayeeAdvice_IN10163_Q0158315_41720.xlsx
Resource
win10v20210410
Malware Config
Extracted
xloader
2.3
n8ba
http://www.narrowpathwc.com/n8ba/
thefitflect.com
anytourist.com
blggz.xyz
ascope.club
obyeboss.com
braun-mathematik.online
mtsnurulislamsby.com
jwpropertiestn.com
animalds.com
cunerier.com
sillysocklife.com
shopliyonamaaghin.net
theredcymbalsco.com
lostbikeproject.com
ryggoqlmga.club
realestatetriggers.com
luvlauricephotography.com
cheesehome.cloud
5fashionfix.net
wata-6-rwem.net
ominvestment.net
rrinuwsq643do2.xyz
teamtacozzzz.com
newjerseyreosales.com
theresahovo.com
wowmovies.today
77k6tgikpbs39.net
americagoldenwheels.com
digitaladbasket.com
gcagame.com
arielatkins.net
2020coaches.com
effthisshit.com
nycabl.com
fbvanminh.com
lovebirdsgifts.com
anxietyxpill.com
recaptcha-lnc.com
aprendelspr.com
expatinsur.com
backtothesimplethings.com
pcf-it.services
wintonplaceoh.com
designermotherhood.com
naamt.com
lifestylebykendra.com
thehighstatusemporium.com
oneninelacrosse.com
mariasmoworldwide.com
kitesurf-piraten.net
atelierbond.com
mynjelderlaw.com
moucopia.com
hauhome.club
imroundtable.com
thralink.com
baoequities.com
nassy.cloud
goldenstatelabradoodles.com
revenueremedyintensive.com
dfendglobal.com
pugliaandgastronomy.com
cypios.net
trinioware.com
Targets
-
-
Target
PayeeAdvice_IN10163_Q0158315_41720.xlsx
-
Size
1.2MB
-
MD5
556ed2559ab158f47739dc1426dbb77b
-
SHA1
cb10bbb7a621ec6b33ff9a9594b109bf6d6abe29
-
SHA256
a95a1c04fce6b30cf856d6702e46cc99a74079c6c79575ffb6c2015f707ec9bf
-
SHA512
bed578373e6ec96a8f184f1e1379ec53868ab77dd35b13bafd627c3220b4a89939315876837254a49f59e5138e1da142bead7242f87ac134291a29eedb86ca81
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-