General
Target: DHL_Sender_Documents_Details_021230900.xlsx
Size: 355KB
Sample: 210923-gzcv2ahfbm
MD5: e5c6389fe4c43e736bbe304ac2aa9912
SHA1: 5d4bb21ef27c9b712c33a367c461ea78defb2849
SHA256: c996c6e47abe7b54c652692c1aa2bd7b1c63b4927a8da78ca2d1de3ca7232198
SHA512: 2138ffc7b261c3c81467d8ca7fb9638f82896e74fb5147588a50edf5fc619a26994992bc6de1e455157bf65e2f14bf8fdcc771a8188f1a6a45c7b957bffe0287
Static task: static1
Behavioral task: behavioral1
Sample: DHL_Sender_Documents_Details_021230900.xlsx
Resource: win7v20210408
Behavioral task: behavioral2
Sample: DHL_Sender_Documents_Details_021230900.xlsx
Resource: win10v20210408
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: m0np
C2: http://www.devmedicalcentre.com/m0np/
Decoy domains:
gruppovimar.com
seniordatingtv.com
pinpinyouqian.website
retreatreflectreplenish.com
baby-handmade.store
econsupplies.com
helloaustinpodcast.com
europe-lodging.com
ferahanaokulu.com
thehomeinspo.com
rawhoneytnpasumo6.xyz
tyckasei.quest
scissorsandbuffer.com
jatinvestmentsmaldives.com
softandcute.store
afuturemakerspromotions.online
leonsigntech.com
havetheshortscovered.com
cvkf.email
iplyyu.com
motphimz.net
slimmerpage.com
fifthbelle.com
moneybagsinfinity.com
architettoaroma.com
rio-script.com
millieandmaude.net
pvinayak.com
nyctattoing.com
fermanfood.com
medardlake.com
40acgidd.com
mrbrianalba.com
110bao.com
shguitong.com
why5mkt.com
diptv.xyz
gotbn-a01.com
rene-weise.com
meltaluminum.com
tobiasqbrown.com
eiqor.com
bnabd.com
painubloc.com
bofoz.com
maxicashprogtq.xyz
probinns.com
yourroddays1.xyz
friedmantrusts.com
patrianilancamentos.com
cetpa.solutions
fengxiaowangluo.com
zkimax.com
bibberyhills.com
colegiodeltaaps.com
fraternitybrand.com
codemais.net
ohayouwww.com
keenflat.com
devvabaek.com
rouxbylarease.online
hongyuyinji.com
cybersecurity-andorra.online
zs4.info
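The extracted configuration is only useful once it is turned into something an analyst or a SOC can act on. The Python script below is an added example and is not part of the sandbox report: it confirms that a file on disk matches all four reported digests before any analysis is trusted, parses the raw Extracted block in the unlabeled order the sandbox emits it (family, version, campaign, C2 URL, then the domain list), checks that the campaign tag is the C2 URL path, and emits one Suricata DNS rule per name. The Extracted text embedded in the script is a constructed, shortened copy of the block above (four of the 64 domains); the Suricata rule text, SID range and `LOCAL` message prefix are assumptions, not rules from the report.

```python
"""Triage helper for an xloader sandbox report (added example, not report content).

1. hash_mismatches(): the report lists MD5, SHA1, SHA256 and SHA512; a file that
   misses even one of them is not the sample the report describes.
2. parse_extracted(): turns the raw "Extracted" block into fields. In this
   family the C2 URL path is the campaign tag, and the domain list that
   follows the URL is the decoy list the payload rotates through.
3. suricata_dns_rules(): one DNS alert per name, C2 host first, so every
   name the sample may resolve is covered (rule format is an assumption).
"""
import hashlib
import json
from urllib.parse import urlparse

# Digests copied from the report's General section.
REPORTED = {
    "MD5": "e5c6389fe4c43e736bbe304ac2aa9912",
    "SHA1": "5d4bb21ef27c9b712c33a367c461ea78defb2849",
    "SHA256": "c996c6e47abe7b54c652692c1aa2bd7b1c63b4927a8da78ca2d1de3ca7232198",
    "SHA512": "2138ffc7b261c3c81467d8ca7fb9638f82896e74fb5147588a50edf5fc619a2"
              "6994992bc6de1e455157bf65e2f14bf8fdcc771a8188f1a6a45c7b957bffe0287",
}

# Constructed copy of the report's "Extracted" block; the decoy list is
# shortened to four names (the report lists 64).
EXTRACTED_BLOCK = """\
Extracted
xloader
2.5
m0np
http://www.devmedicalcentre.com/m0np/
gruppovimar.com
seniordatingtv.com
pinpinyouqian.website
zs4.info
"""


def hash_mismatches(data: bytes, reported: dict = REPORTED) -> list:
    """Return the names of the digests that do NOT match the report ([] = same file)."""
    algos = {"MD5": hashlib.md5, "SHA1": hashlib.sha1,
             "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}
    return [name for name, fn in algos.items()
            if fn(data).hexdigest() != reported[name].lower()]


def parse_extracted(block: str) -> dict:
    """Parse the unlabeled Extracted block: family, version, campaign, C2 URL, decoys."""
    lines = [ln.strip() for ln in block.strip().splitlines() if ln.strip()]
    if not lines or lines[0] != "Extracted" or len(lines) < 5:
        raise ValueError("not an Extracted block")
    family, version, campaign, c2 = lines[1:5]
    parsed = urlparse(c2)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        raise ValueError(f"C2 field is not a URL: {c2!r}")
    return {
        "family": family,
        "version": version,
        "campaign": campaign,
        "c2": c2,
        "c2_host": parsed.hostname,
        # Consistency check: the campaign tag should be the URL path.
        "campaign_in_path": parsed.path.strip("/") == campaign,
        "decoys": lines[5:],
    }


def suricata_dns_rules(cfg: dict, sid_base: int = 9000001) -> list:
    """Emit one Suricata DNS rule per name; index 0 is the real C2 host (assumed rule layout)."""
    rules = []
    for i, name in enumerate([cfg["c2_host"]] + cfg["decoys"]):
        kind = "C2" if i == 0 else "decoy"
        rules.append(
            f'alert dns $HOME_NET any -> any any (msg:"LOCAL {cfg["family"]} '
            f'{cfg["campaign"]} {kind} {name}"; dns.query; content:"{name}"; '
            f'nocase; endswith; sid:{sid_base + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    cfg = parse_extracted(EXTRACTED_BLOCK)
    print(json.dumps(cfg, indent=2))
    print("\n".join(suricata_dns_rules(cfg)))
    # Placeholder input: a real run reads the .xlsx from disk.
    print("mismatches:", hash_mismatches(b"not the sample"))
```

The decoy names in a config like this are frequently real, uncompromised sites that the payload contacts to bury the true beacon; treat hits on them as alerts to review, not as a blocklist, and reserve blocking for the host named in the C2 URL.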
Targets
Target: DHL_Sender_Documents_Details_021230900.xlsx (355KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures:
suricata: ET MALWARE FormBook CnC Checkin (GET) (reported twice)
suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016 (reported twice)
Xloader Payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext