General
-
Target
090900 Quotation - Urgent.xlsx
-
Size
269KB
-
Sample
211013-hsr7tadfg8
-
MD5
efdb3073607b0e44e67b7436fdb70f5b
-
SHA1
bac5f9c3aa6e6fae7034d6a1fc9197b1090b4f0e
-
SHA256
c13a3022f2212e4e16fb2147f6fd0c09ed4439a49b4313603a5e48b7b3174167
-
SHA512
30efeeb74b2c0bec55e1d0abb8147da25f212e58b0a66a8e8d4f3c83142de43b347ffa6043399867774bb3deca446fd4de5eb1b5010d98c532cfec8fca2181ec
Static task
static1
Behavioral task
behavioral1
Sample
090900 Quotation - Urgent.xlsx
Resource
win7v20210408
Behavioral task
behavioral2
Sample
090900 Quotation - Urgent.xlsx
Resource
win10-en-20210920
Malware Config
Extracted
xloader
2.5
b2c0
http://www.thesewhitevvalls.com/b2c0/
bjyxszd520.xyz
hsvfingerprinting.com
elliotpioneer.com
bf396.com
chinaopedia.com
6233v.com
shopeuphoricapparel.com
loccssol.store
truefictionpictures.com
playstarexch.com
peruviancoffee.store
shobhajoshi.com
philme.net
avito-rules.com
independencehomecenters.com
atp-cayenne.com
invetorsbank.com
sasanos.com
scentfreebnb.com
catfuid.com
sunshinefamilysupport.com
madison-co-atty.net
newhousebr.com
newstodayupdate.com
kamalaanjna.com
itpronto.com
hi-loentertainment.com
sadpartyrentals.com
vertuminy.com
khomayphotocopy.club
roleconstructora.com
cottonhome.online
starsspell.com
bedrijfs-kledingshop.com
aydeyahouse.com
miaintervista.com
taolemix.com
lnagvv.space
bjmobi.com
collabkc.art
onayli.net
ecostainable.com
vi88.info
brightlifeprochoice.com
taoluzhibo.info
techgobble.com
ideemimarlikinsaat.com
andajzx.com
shineshaft.website
arroundworld.com
reyuzed.com
emilfaucets.com
lumberjackguitarloops.com
pearl-interior.com
altitudebc.com
cqjiubai.com
kutahyaescortbayanlarim.xyz
metalworkingadditives.online
unasolucioendesa.com
andrewfjohnston.com
visionmark.net
dxxlewis.com
carts-amazon.com
anadolu.academy
Targets
-
-
Target
090900 Quotation - Urgent.xlsx
-
Size
269KB
-
MD5
efdb3073607b0e44e67b7436fdb70f5b
-
SHA1
bac5f9c3aa6e6fae7034d6a1fc9197b1090b4f0e
-
SHA256
c13a3022f2212e4e16fb2147f6fd0c09ed4439a49b4313603a5e48b7b3174167
-
SHA512
30efeeb74b2c0bec55e1d0abb8147da25f212e58b0a66a8e8d4f3c83142de43b347ffa6043399867774bb3deca446fd4de5eb1b5010d98c532cfec8fca2181ec
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-