General
-
Target
draft shipping docs CI+PL.xlsx
-
Size
360KB
-
Sample
211022-jxqp8acbgr
-
MD5
7fdd0537a9ae0991bcc88f1f2dd00eac
-
SHA1
82e6cb68ff3c222186048c551d2908d2f374b40b
-
SHA256
0dbdef9174ac0c1e1667bcc6f207f7ff14f35889028e266a579745c5d6790e60
-
SHA512
f1b7e4da044d11bc2e500d635825d97b78ee6f2e5ae06937aa6cd646db7bdbad1e01345afb4b4db4b2bd0aba67924a1b97fadcbc140bb7c0f64fcfa7b5ffa757
Static task
static1
Behavioral task
behavioral1
Sample
draft shipping docs CI+PL.xlsx
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
draft shipping docs CI+PL.xlsx
Resource
win10-en-20210920
Malware Config
Extracted
xloader
2.5
bs8f
http://www.rwilogisticsandbrokerage.com/bs8f/
vasilnikov.com
parkate.club
pol360.com
handmadequatang.com
consult-set.com
nourkoki.com
theveganfusspot.com
dreamssail.com
pinpinyouqian.xyz
satellitphonestore.com
yotosunny.com
telosaolympics.com
gogetemm.com
yozotnpasumo2.xyz
avantgardemarket.com
glenndcp.com
dirtydriverz.com
avaui.com
anchoredtheblog.com
marianaoliveiraarquitetura.com
dadaman.com
hackensackvet.com
onelovecafeatl.com
top-recordtodiscovertoday.info
goodzza.net
gideonajibike.com
2010.pro
room1029.com
tucochepordinero.net
natsuyagimaki.com
daleproaudio.xyz
cryptoregulations.xyz
vmini.info
bukketfantom.quest
sgpvbzw.com
straightii.com
exploitgomyau.xyz
cvwerg.com
sikiich.com
anchoramolnile.com
eljkj.com
leroyalstevenson.com
narae-digital.com
swalayan.digital
market1c.store
vitaminecrew.com
sirabeyo.net
bornholm-urlaub.info
michael-ludwig.info
innoattic.com
cupandthoughts.com
ppd-mall.com
sponsoredcrew.com
cardiopulmonaryservices.com
ff4ciib4q.xyz
xn--kzlarndkkan-zhb69deah.com
saint444.com
serc0-na.com
idecor.asia
zombiesoflalaland.com
medinaes.xyz
deluxhaus.com
alwaysmode.com
lastpassword.net
Targets
-
-
Target
draft shipping docs CI+PL.xlsx
-
Size
360KB
-
MD5
7fdd0537a9ae0991bcc88f1f2dd00eac
-
SHA1
82e6cb68ff3c222186048c551d2908d2f374b40b
-
SHA256
0dbdef9174ac0c1e1667bcc6f207f7ff14f35889028e266a579745c5d6790e60
-
SHA512
f1b7e4da044d11bc2e500d635825d97b78ee6f2e5ae06937aa6cd646db7bdbad1e01345afb4b4db4b2bd0aba67924a1b97fadcbc140bb7c0f64fcfa7b5ffa757
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-