General
-
Target
RFQ 20000MT40000MT FOB SGS(AneVa Mariusz ).xlsx
-
Size
1.2MB
-
Sample
210824-fvvx43wh6j
-
MD5
bcddd6487a0e1ef2e7d32cc59be48383
-
SHA1
caa9a616139af3ffa83f19f71e5a723380ca405a
-
SHA256
a452c3adad157b098a28aea1626cff66e0c97de0a34c429de85d3fd6c0faaa72
-
SHA512
3d3a9236dfaa1c412fb319f7c8c02c7854a46284731d02c4a4f60413608f115adb925ec6fe66b5833d4485e9da5f7e96947fef4f1402142687876ec21b619578
Static task
static1
Behavioral task
behavioral1
Sample
RFQ 20000MT40000MT FOB SGS(AneVa Mariusz ).xlsx
Resource
win7v20210410
Behavioral task
behavioral2
Sample
RFQ 20000MT40000MT FOB SGS(AneVa Mariusz ).xlsx
Resource
win10v20210410
Malware Config
Extracted
xloader
2.3
n8ba
http://www.narrowpathwc.com/n8ba/
Targets
-
-
Target
RFQ 20000MT40000MT FOB SGS(AneVa Mariusz ).xlsx
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-