General
Target: CHIANG LAAN ship particular.xlsx
Size: 332KB
Sample: 211014-l43z8sghb7
MD5: 51d669feccb183a01b42156ae4048a1f
SHA1: dbefe524757e949e2d9a65d3b65667706f66b7cd
SHA256: df630d27aed47b1a28ab1e184814f0f0bf83e2b81d83cee8beaddcc1ea25a79e
SHA512: f9e33f32842e2d156d82d83e2b8348277c577836ba04b306b15d897bf75a664ca3fc3b8238cd04f31e96f5e62d765616baee9540e309ca5c4ee80807abc8ea90
Static task: static1
Behavioral task: behavioral1 (sample: CHIANG LAAN ship particular.xlsx; resource: win7-en-20210920)
Behavioral task: behavioral2 (sample: CHIANG LAAN ship particular.xlsx; resource: win10-en-20210920)
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: bntn
C2: http://www.forex-fm.online/bntn/
Targets
Target: CHIANG LAAN ship particular.xlsx (332KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures:
- Detect Neshta Payload
- Modifies system executable filetype association
- Neshta: malware from the Neshta family infects other executable files in order to spread and cause damage.
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext