General
-
Target
draft shippng document CI+PL.xlsx
-
Size
369KB
-
Sample
211021-gw3x2shhe2
-
MD5
543702f3a378e0b065e79ff956fa25f5
-
SHA1
de898adcab0fcfeb5a1a5d281a688371de1e930a
-
SHA256
d9456bea4f1151ba05cdee82e2370acce666812a57dbf6f73f7b5b25bf814819
-
SHA512
48325b58371735b147c4301b9582433c9a5f7fe4f29af5bdf1c74f746b119e8a842e48e1289f4541285f18110e1f7a8bfd9624a0ea5441da9d844acc80bda6e5
Static task
static1
Behavioral task
behavioral1
Sample
draft shippng document CI+PL.xlsx
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
draft shippng document CI+PL.xlsx
Resource
win10-en-20211014
Malware Config
Extracted
xloader
2.5
bs8f
http://www.rwilogisticsandbrokerage.com/bs8f/
vasilnikov.com
parkate.club
pol360.com
handmadequatang.com
consult-set.com
nourkoki.com
theveganfusspot.com
dreamssail.com
pinpinyouqian.xyz
satellitphonestore.com
yotosunny.com
telosaolympics.com
gogetemm.com
yozotnpasumo2.xyz
avantgardemarket.com
glenndcp.com
dirtydriverz.com
avaui.com
anchoredtheblog.com
marianaoliveiraarquitetura.com
dadaman.com
hackensackvet.com
onelovecafeatl.com
top-recordtodiscovertoday.info
goodzza.net
gideonajibike.com
2010.pro
room1029.com
tucochepordinero.net
natsuyagimaki.com
daleproaudio.xyz
cryptoregulations.xyz
vmini.info
bukketfantom.quest
sgpvbzw.com
straightii.com
exploitgomyau.xyz
cvwerg.com
sikiich.com
anchoramolnile.com
eljkj.com
leroyalstevenson.com
narae-digital.com
swalayan.digital
market1c.store
vitaminecrew.com
sirabeyo.net
bornholm-urlaub.info
michael-ludwig.info
innoattic.com
cupandthoughts.com
ppd-mall.com
sponsoredcrew.com
cardiopulmonaryservices.com
ff4ciib4q.xyz
xn--kzlarndkkan-zhb69deah.com
saint444.com
serc0-na.com
idecor.asia
zombiesoflalaland.com
medinaes.xyz
deluxhaus.com
alwaysmode.com
lastpassword.net
Targets
-
-
Target
draft shippng document CI+PL.xlsx
-
Size
369KB
-
MD5
543702f3a378e0b065e79ff956fa25f5
-
SHA1
de898adcab0fcfeb5a1a5d281a688371de1e930a
-
SHA256
d9456bea4f1151ba05cdee82e2370acce666812a57dbf6f73f7b5b25bf814819
-
SHA512
48325b58371735b147c4301b9582433c9a5f7fe4f29af5bdf1c74f746b119e8a842e48e1289f4541285f18110e1f7a8bfd9624a0ea5441da9d844acc80bda6e5
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-