General
-
Target
MT103-Swift Copy.xlsx
-
Size
595KB
-
Sample
210902-hrc65sb36x
-
MD5
e60e5891c5998886ad977f5b030eef82
-
SHA1
9ba50531291eba0f3ca193848ba077b72b2ab4db
-
SHA256
975af824a78131f0cc812dfa094bfab9d92b878f5edadcc689fa29d99e419519
-
SHA512
d62968ebf3b1c2b255e54e66c023ebb2c59a2f151e0de48a2107e2fb2a3010702aa6a3701b6a510ccd4b18b3f0c3938229b269f0abe85a22052cfa7909854b70
Static task
static1
Behavioral task
behavioral1
Sample
MT103-Swift Copy.xlsx
Resource
win7-en
Behavioral task
behavioral2
Sample
MT103-Swift Copy.xlsx
Resource
win10v20210408
Malware Config
Extracted
xloader
2.3
ecuu
http://www.polaritelibrairie.com/ecuu/
buoy8boats.com
tomrings.com
o-distribs.com
majesticgroupinc.com
tehridam.com
yzwjtoys.com
castro-online.run
aquarius-twins.com
jamesrrossfineart.com
pavarasupatthonkol.com
rivermarketdentistry.com
gyiblrjd.icu
redcountrypodcast.com
youngbrotherspharmacyga.com
betsysobiech.com
neocleanpro.com
ingpatrimoine.com
mustangsallytransportation.com
jsvfcxzn.com
krsfpjuoekcd.info
cricutcutfiles.club
fjucurta.com
soberrituals.com
mercamoderna.com
empirerack.com
poorwhitetrashlivesmatter.net
the-boardroom-usa.com
boldgroupghana.com
stathotshots.com
workabhaile.com
drgigadvisors.com
tfqvslhlh.club
meo6.com
myreti.com
tasteofourneighborhood.com
manufacturedinjapan.com
listenstech.com
jdcloud-neucampus.com
westgateoptometry.store
sourcefirstconsulting.com
xmasmobitvbuy.com
blackhillsfarmtn.com
georgiaforless.com
enovexcorp.com
nxtelligence.com
emotionalgangster.com
chainsawsparts.com
dplqyz.com
lossaboresdemama.com
805thaifood.com
safeandsoundyachtservices.com
grandparentsandkids.com
catalystdentalallies.com
keplersark.com
desrefuses.com
comerciolimited.com
cotonslife.com
pegasusf.xyz
rocketmortgagedeceit.com
mypartydelivered.com
gvassummit2020.com
thefamilybubble.com
lgjccz.com
donnaquerns.com
Targets
-
-
Target
MT103-Swift Copy.xlsx
-
Size
595KB
-
MD5
e60e5891c5998886ad977f5b030eef82
-
SHA1
9ba50531291eba0f3ca193848ba077b72b2ab4db
-
SHA256
975af824a78131f0cc812dfa094bfab9d92b878f5edadcc689fa29d99e419519
-
SHA512
d62968ebf3b1c2b255e54e66c023ebb2c59a2f151e0de48a2107e2fb2a3010702aa6a3701b6a510ccd4b18b3f0c3938229b269f0abe85a22052cfa7909854b70
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-