General
-
Target
Orsha_NSC Contract 290720 Order for new shipment.xlsx
-
Size
556KB
-
Sample
210917-x3z3qsgdc5
-
MD5
72d057ebfb1aa881ffee0cae72724866
-
SHA1
a35397bed6c5368e2b9196557af225222163faf2
-
SHA256
1707f694fc15ee93a6f06725c6a4cfe1283f6553a442a957f7b5fc646f003466
-
SHA512
6b867c53a4ee8e1f844f170c17d98071cb11e75ef0b9ea735cc2eb8bc37d9f61223f37736ecc59010f414c91f0097da0411df6eec354d4b619d379c47295ed62
Static task
static1
Behavioral task
behavioral1
Sample
Orsha_NSC Contract 290720 Order for new shipment.xlsx
Resource
win7-en-20210916
Behavioral task
behavioral2
Sample
Orsha_NSC Contract 290720 Order for new shipment.xlsx
Resource
win10-en
Malware Config
Extracted
xloader
2.3
b6a4
http://www.helpmovingandstorage.com/b6a4/
gr2future.com
asteroid.finance
skoba-plast.com
rnerfrfw5z3ki.net
thesmartroadtoretirement.com
avisdrummondhomes.com
banban365.net
profesyonelkampcadiri.net
royalloanhs.com
yulujy.com
xn--naqejahan-n3b.com
msalee.net
dollyvee.com
albertagamehawkersclub.com
cbspecialists.com
findingforeverrealty.com
mrtireshop.com
wadamasanari.com
growtechinfo.com
qipai039.com
kdpwelness.com
heonyearthoo.com
comprarmiaspiradora.com
e38.site
aryadesigningstudio.com
wildwestkelly.com
mengzhanxy.com
kedaiherbalalami.com
mygaybookcase.com
meetheveganz.com
42shenmao.com
siimezhebi.com
id-ers.com
cabalzi.com
hellahealthy.life
mastermind-kc.com
erinkiauq.icu
shinebrightjournal.com
adventuresofdatinginnyc.com
kestuf.net
khadarelhodge.com
maximumsale.com
rishitaprabhu.com
dinhvitraitim.com
dalvascleaningservice.com
norfolkveggiebox.com
findsmartvestorpro.com
shuangyashanpower.com
shukujitsu.net
naughty0milf.today
jdjseshop.com
breathlessandinlove.com
abrosnm3.com
candoyuran.com
recargasasec.com
puffycannabis.com
shopnewmills.com
blue-sky-music.com
besthypee.com
idahocommunitynewsnetwork.com
darenscape.com
gamificationbiz.com
avosmains.net
starlangue.com
Targets
-
-
Target
Orsha_NSC Contract 290720 Order for new shipment.xlsx
-
Size
556KB
-
MD5
72d057ebfb1aa881ffee0cae72724866
-
SHA1
a35397bed6c5368e2b9196557af225222163faf2
-
SHA256
1707f694fc15ee93a6f06725c6a4cfe1283f6553a442a957f7b5fc646f003466
-
SHA512
6b867c53a4ee8e1f844f170c17d98071cb11e75ef0b9ea735cc2eb8bc37d9f61223f37736ecc59010f414c91f0097da0411df6eec354d4b619d379c47295ed62
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-