General
Target: PROFORMA-PDA 00GGTBGX00001A.xlsx
Size: 362KB
Sample: 210924-wtjhyshee4
MD5: 3428e8b6d05df7add0dd9914432467a0
SHA1: 89cd998b04e84731ebd9ec51c3d72ef40b15249e
SHA256: 2a6b9eb5645b5e292c85eeb7236eb00361e74ece1e8debfb33873bc72461a67e
SHA512: 54844961e87bda2d971c82a506365cf62cdb9918fe98d379101d984883eaf6014e1ab564de5edc6b38f90838895da89a0ec973b5c2a5094833e179646581cd2d
Static task: static1
Behavioral task: behavioral1 (Sample: PROFORMA-PDA 00GGTBGX00001A.xlsx; Resource: win7v20210408)
Behavioral task: behavioral2 (Sample: PROFORMA-PDA 00GGTBGX00001A.xlsx; Resource: win10-en-20210920)
Malware Config
Extracted: xloader 2.5, 9gdg, http://www.dechocolate.online/9gdg/
Targets
Target: PROFORMA-PDA 00GGTBGX00001A.xlsx
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext