General
-
Target
Unpaid invoice 76810091.xlsx
-
Size
440KB
-
Sample
211026-psx7dshdf2
-
MD5
b8cf81e69b571ec7612d5b2ec8a66682
-
SHA1
d4da3acfca6d028d8ec56b92c84af760f8c075f6
-
SHA256
46ca11e597ee7173e77a1cd8ca582943b099afc05921bf566937637c34dc41d0
-
SHA512
3e330457c41ed77aeb1bceabc128197229787027640456c5e7508a8696a6d05c5d101b1687cbe911adb2eebfb85fae7b741224b50cc8fa0ddb871430c356b56c
Static task
static1
Behavioral task
behavioral1
Sample
Unpaid invoice 76810091.xlsx
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
Unpaid invoice 76810091.xlsx
Resource
win10-en-20210920
Malware Config
Extracted
xloader
2.5
b2c0
http://www.thesewhitevvalls.com/b2c0/
bjyxszd520.xyz
hsvfingerprinting.com
elliotpioneer.com
bf396.com
chinaopedia.com
6233v.com
shopeuphoricapparel.com
loccssol.store
truefictionpictures.com
playstarexch.com
peruviancoffee.store
shobhajoshi.com
philme.net
avito-rules.com
independencehomecenters.com
atp-cayenne.com
invetorsbank.com
sasanos.com
scentfreebnb.com
catfuid.com
sunshinefamilysupport.com
madison-co-atty.net
newhousebr.com
newstodayupdate.com
kamalaanjna.com
itpronto.com
hi-loentertainment.com
sadpartyrentals.com
vertuminy.com
khomayphotocopy.club
roleconstructora.com
cottonhome.online
starsspell.com
bedrijfs-kledingshop.com
aydeyahouse.com
miaintervista.com
taolemix.com
lnagvv.space
bjmobi.com
collabkc.art
onayli.net
ecostainable.com
vi88.info
brightlifeprochoice.com
taoluzhibo.info
techgobble.com
ideemimarlikinsaat.com
andajzx.com
shineshaft.website
arroundworld.com
reyuzed.com
emilfaucets.com
lumberjackguitarloops.com
pearl-interior.com
altitudebc.com
cqjiubai.com
kutahyaescortbayanlarim.xyz
metalworkingadditives.online
unasolucioendesa.com
andrewfjohnston.com
visionmark.net
dxxlewis.com
carts-amazon.com
anadolu.academy
Targets
-
-
Target
Unpaid invoice 76810091.xlsx
-
Size
440KB
-
MD5
b8cf81e69b571ec7612d5b2ec8a66682
-
SHA1
d4da3acfca6d028d8ec56b92c84af760f8c075f6
-
SHA256
46ca11e597ee7173e77a1cd8ca582943b099afc05921bf566937637c34dc41d0
-
SHA512
3e330457c41ed77aeb1bceabc128197229787027640456c5e7508a8696a6d05c5d101b1687cbe911adb2eebfb85fae7b741224b50cc8fa0ddb871430c356b56c
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-