General

Target: ccf25116808a8f6fdbca6d7dbbc30af45fb382b4b868109dc0f17d5062062aff.xlsx
Size: 303KB
Sample: 211019-wxyr2sgce6
MD5: 3ec955ba8c6df83999cf0454ee958ee4
SHA1: f1df8c8561739662fcf636c262d0af0a74768231
SHA256: afaccad0cadbc5f44a79dd336fbf732d2bae82f41d0e1442919b4e0b18d5ae51
SHA512: 25739682f768f1005d88bcee977e6fe2107afcafc0ec7e4b7847de4a612e012b0f4e3e0d5bfc32c137aef52bcebc059e6ddb3f17dfd0b541d11a73ea4e950843

Note: the hex string in the submitted filename is not the SHA256 of this file's content (afaccad0...). Match the sample on the computed hashes above, not on the name.
Static task: static1

Behavioral task: behavioral1
  Sample: ccf25116808a8f6fdbca6d7dbbc30af45fb382b4b868109dc0f17d5062062aff.xlsx
  Resource: win7-en-20210920

Behavioral task: behavioral2
  Sample: ccf25116808a8f6fdbca6d7dbbc30af45fb382b4b868109dc0f17d5062062aff.xlsx
  Resource: win10-en-20211014
Malware Config

Extracted
Family: xloader
Version: 2.5
Campaign ID (URI path): wogm
C2: http://www.eygtogel021.com/wogm/
Decoy domains (64 entries; the bot beacons to these under the same /wogm/ path as the C2, and most are legitimate sites used as cover, so do not blocklist them on hostname alone):
sub-dude.net
repeatcustom.com
goodspaz.com
sinagropuree.com
jyh8886.com
muescabynes.quest
stark.agency
nolimit168.com
hypermediastore.com
arab-xt-pro.com
gruppovimar.com
santamariamoto.express
affaridistribuciones.com
straetah.com
collectionsbyvivi.com
nalainteriores.com
weeklywars.com
insightmyhome.com
ucml.net
herderguru.com
sz-jialejia.com
xinglu56.com
tenselect.net
arepaspuesdc.com
cvkf.email
moseslakeapartment.com
chantaldesign.space
884651.com
yzyf88.com
seattlecanna.com
obsessive.company
blessedfurnitures.com
disparandose.com
smmakrygiannakis.online
buno8ce.com
javaportal.info
laoqu6666.com
portfolioinsidertips.com
workospbit.space
biocrafts.net
estebancantillo.com
appliancestar.xyz
gloriousbees.xyz
porchlightwoodworks.com
rawhoneytnpasumo2.xyz
pokipass-niigata.com
aodesai.store
powro.online
playin.one
minded-afoot.com
zpahura.com
bodybybetsy.com
camworker.cloud
mest2.com
chezlulu.paris
officeupdate365.com
jackdanska.com
glenndcp.com
huikanvip.com
connectedtoolstore.com
flogicpro.com
yourhomestimate.com
dogtraining5x5.com
truenettnpasumo2.xyz
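The extracted config turned into matchable IOCs and applied to proxy-log lines, as an added example that is not part of the sandbox report. It relies on the documented Formbook/XLoader beacon shape (the same campaign path requested on the C2 and on every decoy domain, as a GET with a query string for check-in and a POST for data), which the report itself does not state. The log format and the log lines are constructed for the example, and the decoy list is a short subset of the 64 domains above; `classify`, `scan_log` and the other names are this example's own.

```python
"""Added example: XLoader 2.5 config -> IOCs -> verdicts over constructed proxy-log lines."""
import re
from typing import Optional
from urllib.parse import urlparse

# Values copied from the report's extracted config. The report lists 64 decoy
# domains; only a subset is repeated here to keep the example short.
XLOADER_CONFIG = {
    "family": "xloader",
    "version": "2.5",
    "c2": "http://www.eygtogel021.com/wogm/",
    "decoys": [
        "sub-dude.net", "repeatcustom.com", "stark.agency",
        "gruppovimar.com", "officeupdate365.com", "truenettnpasumo2.xyz",
    ],
}


def _norm_host(host: str) -> str:
    """Lower-case a hostname and drop a leading 'www.' (the bot adds it, logs may not)."""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host


def campaign_path(c2_url: str) -> str:
    """URI path of the C2 URL; Formbook/XLoader reuse it as the campaign ID on every domain."""
    return urlparse(c2_url).path.strip("/")


def config_domains(cfg: dict) -> set:
    """Normalised hostnames of the C2 plus all decoys."""
    hosts = {urlparse(cfg["c2"]).hostname or ""} | set(cfg["decoys"])
    return {_norm_host(h) for h in hosts}


def candidate_urls(cfg: dict) -> list:
    """Every beacon URL the bot may request: the C2 first, then each decoy under the same path."""
    path = campaign_path(cfg["c2"])
    hosts = [urlparse(cfg["c2"]).hostname] + ["www." + d for d in cfg["decoys"]]
    return [f"http://{h}/{path}/" for h in hosts]


def classify(url: str, cfg: dict) -> Optional[str]:
    """
    'beacon' : config domain AND the campaign path -> the requesting host is infected,
               whether or not this particular domain is the live C2.
    'domain' : config domain on some other path -> decoys are real sites; not malicious by itself.
    None     : unrelated traffic.
    """
    u = urlparse(url)
    if _norm_host(u.hostname or "") not in config_domains(cfg):
        return None
    if u.path.strip("/") == campaign_path(cfg["c2"]):
        return "beacon"
    return "domain"


# Constructed log format: <timestamp> <client> <method> <url> <status>
LOG_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) (\d{3})$")


def scan_log(lines: list, cfg: dict) -> list:
    """Return (client, verdict, url) for every parseable line that touches a config domain."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        _ts, client, _method, url, _status = m.groups()
        verdict = classify(url, cfg)
        if verdict:
            hits.append((client, verdict, url))
    return hits


SAMPLE_LOG = [  # constructed for the example; not real traffic
    "2021-10-19T09:14:02Z 10.0.0.5 GET http://www.stark.agency/wogm/?gh4=AbC123&sql=1 200",
    "2021-10-19T09:14:03Z 10.0.0.5 POST http://www.eygtogel021.com/wogm/ 200",
    "2021-10-19T09:16:40Z 10.0.0.9 GET https://gruppovimar.com/en/products/ 200",
    "2021-10-19T09:17:11Z 10.0.0.9 GET https://example.com/index.html 200",
]

if __name__ == "__main__":
    for url in candidate_urls(XLOADER_CONFIG):
        print("IOC", url)
    for row in scan_log(SAMPLE_LOG, XLOADER_CONFIG):
        print(row)
```

The verdict split is the practical point: 10.0.0.5 is flagged on its first request even though stark.agency is a decoy, because no legitimate client requests /wogm/ on that host, while 10.0.0.9 browsing gruppovimar.com is only a domain match and should not page anyone. Block the C2 hostname, alert on domain plus campaign path, and leave the decoy hostnames unblocked.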
Targets

Target: ccf25116808a8f6fdbca6d7dbbc30af45fb382b4b868109dc0f17d5062062aff.xlsx
Size: 303KB (MD5, SHA1, SHA256 and SHA512 as listed under General)

Signatures:
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext