General

Target: Docs No-65224XXX [ORDER-2021].CAB.zip
Size: 500KB
Sample: 211022-gb6hfabbe5
MD5: 1d333df00c5295d9b481318dcb93cc7a
SHA1: 6dff74f14df898500f621847254e0d7167899982
SHA256: 29ed2c98e99f875b08bdbe2a457448f216f0de821bdd484a973e994d5fb33343
SHA512: fc20ddd1b08650eb760e13d3ecfec59fc948fd10ff2e9d1c8e3f09ff608989881c895e7f49690b3d73528464517e60e8acab8e3375ed2cc2ce71c4b1487aed56
Static task
static1

Behavioral tasks
behavioral1: Docs No-65224XXX [ORDER-2021].exe (resource win7-ja-20211014)
behavioral2: Docs No-65224XXX [ORDER-2021].exe (resource win7-en-20211014)
behavioral3: Docs No-65224XXX [ORDER-2021].exe (resource win10-ja-20210920)
behavioral4: Docs No-65224XXX [ORDER-2021].exe (resource win10-en-20211014)
Malware Config

Extracted
Family: xloader
Version: 2.5
Campaign: epns (the URI path segment the bot uses for check-ins)
C2: http://www.lnvietnam.online/epns/
Decoy domains (the bot also beacons to these to mask the real C2; they are typically unrelated sites, so treat them as infection indicators when paired with the campaign path rather than as domains to block outright):
mmfaccao.com
blttsperma.quest
946abe.net
indispensablehands.com
jkformationfrance.com
phonerepaire.com
lienquan-trian.com
youkuti.com
empowermindbodystudios.com
seunicapf.com
fk-link.xyz
kunai.tech
difficultbutdoablebrand.com
ejworkspace.com
teracorp.biz
thekids.today
quintaalentejana.com
annaviruksham.com
jshengrong.com
nsmetalmakina.xyz
hentainftd.com
alphabet-chicken-farms.com
erotikchat.red
skintipsllc.com
expressofertachegou.com
ygraeriotexniki.com
thesidehustler.net
visionries.com
deployinghigh.com
havana-smile.com
exclusivegift7.com
ephraimhomedeals.com
westquartier.com
kiingear.com
officecom-myaccount.com
lemomentconcept.com
royalteacherclass.com
alltart.com
hustlershandbook.biz
mxpvlv.biz
canalcorporate.com
carcity.toys
k6tkuwrnjake.biz
acrobike69.com
4000518883.com
katia-magnetisme.com
shiningproent.com
ikmbc-b02.com
thoughtsbig.com
baba.clinic
blazestead.com
12monthmillionairetraining.com
goodtasteonline.com
nokushop.com
teneses.com
215oldtoby.com
pampelina.com
eimzaizmir.com
newnetteline.com
discovertexasbeaches.com
farrukhportfolio.website
bombers.xyz
melissacarbonell.group
5402506.win
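The extracted config above is most useful turned into detection logic. The following is an added example, not part of the sandbox report or of any tool it references: it embeds the real C2 URL, the campaign path and a subset of the decoy list from the config, then classifies constructed proxy-log lines. It relies on the documented XLoader/Formbook behaviour that the same campaign path is used for check-ins to decoy domains as to the real C2, so a request for `/epns/` on a decoy domain is still a strong sign of an infected host even though the domain itself is harmless. The log format (`timestamp src_ip METHOD url`) and every log line are constructed for the example, and the `scan`/`classify` helper names are this example's own.

```python
"""Match proxy-log lines against the XLoader config extracted in this report.

Added example; the C2 URL, campaign path and decoy domains are copied from
the report, everything else (log format, log lines, function names) is
constructed for illustration.
"""
import re
from urllib.parse import urlsplit

# Values from the extracted config (decoy list truncated to a subset)
C2_URL = "http://www.lnvietnam.online/epns/"
CAMPAIGN = "epns"
DECOY_DOMAINS = {
    "mmfaccao.com", "blttsperma.quest", "946abe.net",
    "indispensablehands.com", "officecom-myaccount.com", "5402506.win",
}
C2_HOST = urlsplit(C2_URL).hostname  # www.lnvietnam.online

# Constructed log format: "<ISO timestamp> <src ip> <METHOD> <url>"
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)")

# Constructed sample log; host 10.0.0.15 behaves like an infected machine,
# 10.0.0.22 merely browses a decoy domain's normal content.
SAMPLE_LOG = """\
2021-10-22T09:12:01Z 10.0.0.15 GET http://www.lnvietnam.online/epns/?fs=abc
2021-10-22T09:12:03Z 10.0.0.15 POST http://mmfaccao.com/epns/
2021-10-22T09:12:05Z 10.0.0.15 GET http://www.946abe.net/epns/?fs=def
2021-10-22T09:13:10Z 10.0.0.22 GET http://mmfaccao.com/index.html
2021-10-22T09:14:00Z 10.0.0.22 GET http://example.com/
this line is not in the expected format
"""


def host_matches(host, domain):
    """True if host equals domain or is a subdomain of it (case-insensitive)."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    u = urlsplit(m["url"])
    return {"ts": m["ts"], "src": m["src"], "method": m["method"],
            "host": u.hostname or "", "path": u.path or "/"}


def classify(host, path):
    """Map a (host, path) pair onto a verdict, or None if it is unrelated.

    c2-beacon    : request to the real C2 on the campaign path (highest confidence)
    c2-host      : any other request to the C2 host
    decoy-beacon : campaign path on a decoy domain; the domain is benign but the
                   request pattern is the bot's, so the source is likely infected
    decoy-other  : ordinary request to a decoy domain; probably normal browsing
    """
    on_campaign_path = path.lower().startswith("/" + CAMPAIGN + "/")
    if host_matches(host, C2_HOST):
        return "c2-beacon" if on_campaign_path else "c2-host"
    if any(host_matches(host, d) for d in DECOY_DOMAINS):
        return "decoy-beacon" if on_campaign_path else "decoy-other"
    return None


def scan(lines):
    """Return (src_ip, host, verdict) for every line that matched an IOC."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        verdict = classify(rec["host"], rec["path"])
        if verdict is not None:
            hits.append((rec["src"], rec["host"], verdict))
    return hits


def infected_sources(hits):
    """Source IPs that produced a beacon-shaped request (c2 or decoy)."""
    return {src for src, _, verdict in hits if verdict.endswith("-beacon")}


if __name__ == "__main__":
    results = scan(SAMPLE_LOG.splitlines())
    for src, host, verdict in results:
        print(f"{src:<12} {host:<24} {verdict}")
    print("likely infected:", sorted(infected_sources(results)))
```

Note that `decoy-other` hits are expected from uninfected users, since decoy domains are ordinary sites; the signal is the campaign path, not the domain. A full deployment would load the complete decoy list from the config rather than the subset embedded here, and would add the C2 host to a block list while leaving the decoys for alerting only.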
Targets

Target: Docs No-65224XXX [ORDER-2021].exe
Size: 973KB
MD5: 994a2d143c5619a11906c87244855858
SHA1: dc6c06fb2c1acf3164db514878209ec6aec95cac
SHA256: 19b95be1b0c890804845c8c6e19cef972c89bfc8156201c3490f047ebfc42ed4
SHA512: 271531df66b27cdc1e4f53774c820c186218d6c17a19387a47530a7b1910960e0d517150f88082ea3b03c9abb85f2ccfa9c8ca2d5e7864844179145b32e9b607
Score: 10/10

Signatures
Registers COM server for autorun
Xloader Payload
Adds Run key to start application
Drops file in System32 directory
Suspicious use of SetThreadContext (consistent with the payload being injected into another process)