General

Target: POCWI191502.xlsx
Size: 201KB
Sample (analysis ID): 211108-j55t4sbee7
MD5: 47685fcb4332bcb2447db1b6e1c336d5
SHA1: 77f77d5b9389e6e842901a6c693708d75e24708e
SHA256: 55077a584aa3b407c6ed89ad60609062ddd6ff66da0c6e66a12a52a2a248be4e
SHA512: 1391d3a2abf899313c91420a72c9933f5e4adbf58e6f8ea6c62a9c86338b0469a9db9ae69f186b763c7cbde8ff987557d380e3b613c4a2954ac42d0bea456fa7
Static task: static1

Behavioral task: behavioral1
Sample: POCWI191502.xlsx
Resource: win7-en-20211104

Behavioral task: behavioral2
Sample: POCWI191502.xlsx
Resource: win10-en-20211014
Malware Config

Extracted
Family: xloader
Version: 2.5
Campaign: e4nr
C2: http://www.rizkhr.com/e4nr/
Decoy domains (XLoader, like Formbook before it, also sends traffic to its decoy domains to hide the real C2, so the whole list is relevant for detection and blocking, not only the C2 URL):
mklab.ltd
doabodrum.com
hospitalitysupply.xyz
iamcrypto.pink
studiodesignguru.com
hackersfullmoonartconcepts.com
nutritioustooth.com
cuzanservice.com
het9a.online
datenigthmovies.com
realitytv.xyz
eaglesflair.com
unheavymetal.com
acustomcollective.art
fifthbelle.com
backupplan.xyz
moirechi.online
bot-hack.com
fithefly.com
aonoti.com
ghdjd2.com
jpmorgan-secureauth.com
housecapsule.com
benshawer.com
yiquge.com
heligang.com
beatrizmerell.com
mutduabeland.com
alphanull.xyz
besasin09.com
www-roblcx.com
354hk.com
geortekusa.com
daricjewelry.com
lmsfusionfinest.com
implantesdentariosinfobbra.com
les-cours.com
t12realtors.com
user-agreement981.com
primebaits.com
zhenjindz.com
emailguitarlessons.com
hiled-lighting.com
aceproservices.net
tenlog026.xyz
gosystemupdating.online
roofingand.supplies
neuro-ai-web-ru.website
floridaunvaxjobs.com
amazingalliesclean.online
cyberpov.com
adsefum.net
roysecitystorage.com
thekampus.online
homesolarhartfordct.com
lowairfareindia.com
lovenchant.xyz
peacefmradio.com
aerialhi.com
lauranrun.com
flutter-marketplace.store
theandrewbradycenter.com
onstepcenter.com
donajisf.com
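The extracted config above is only useful once it is turned into something that can be run against telemetry. The following is an added example, not part of the original report or the sandbox's own code: it indexes the C2 and decoy hostnames from the config, then scans proxy access-log lines (Squid native format, lines constructed here) for connections to any listed host and for requests whose path starts with the campaign path "/e4nr/". The campaign-path heuristic and the handful of decoys copied into CONFIG are assumptions for illustration; the real list on this page is much longer.

```python
"""Match proxy access logs against the XLoader config extracted above.

Added example, not part of the original report or the sandbox's code.
Log lines and the campaign-path heuristic are constructed/assumed.
"""
import re
from urllib.parse import urlsplit

# Values copied from the extracted config on this page (C2 plus a few decoys).
CONFIG = {
    "family": "xloader",
    "version": "2.5",
    "campaign": "e4nr",
    "c2": "http://www.rizkhr.com/e4nr/",
    "decoys": [
        "mklab.ltd",
        "doabodrum.com",
        "jpmorgan-secureauth.com",
        "gosystemupdating.online",
    ],
}


def normalize_host(host):
    """Lower-case, drop a trailing dot and a leading 'www.' so lookups match."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def build_ioc_index(config):
    """Map every hostname in the config to its role: 'c2' or 'decoy'."""
    index = {normalize_host(d): "decoy" for d in config["decoys"]}
    c2_host = urlsplit(config["c2"]).hostname
    index[normalize_host(c2_host)] = "c2"  # the real C2 overrides a decoy entry
    return index


# Squid native access.log:
# <ts> <elapsed> <client> <action/status> <bytes> <method> <url> <user> <hier> <type>
LOG_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def scan_log(lines, config):
    """Return one hit per log line that touches a listed host or the campaign path."""
    index = build_ioc_index(config)
    campaign_path = "/" + config["campaign"] + "/"  # assumed URI prefix, e.g. /e4nr/
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = m.group("url")
        # CONNECT lines carry "host:port" with no scheme; give urlsplit one to parse.
        parts = urlsplit(url if "://" in url else "http://" + url)
        host = normalize_host(parts.hostname or "")
        role = index.get(host)
        campaign_hit = parts.path.startswith(campaign_path)
        if role or campaign_hit:
            hits.append({
                "client": m.group("client"),
                "host": host,
                "role": role or "unlisted",
                "campaign_path": campaign_hit,
            })
    return hits


# Constructed sample lines: one client beaconing to the C2 and a decoy, one
# tunnelling to a decoy, one benign request, and an unlisted host with the
# campaign path (worth a look, since the decoy list on the page is not exhaustive).
SAMPLE_LOG = [
    "1636370101.123    412 10.0.0.25 TCP_MISS/200 1523 GET http://www.rizkhr.com/e4nr/?id=abc - HIER_DIRECT/203.0.113.10 text/html",
    "1636370102.456    300 10.0.0.25 TCP_MISS/200 812 GET http://doabodrum.com/e4nr/?id=abc - HIER_DIRECT/203.0.113.11 text/html",
    "1636370103.789    250 10.0.0.31 TCP_MISS/200 4096 GET http://example.org/index.html - HIER_DIRECT/203.0.113.12 text/html",
    "1636370104.012    220 10.0.0.31 TCP_TUNNEL/200 3000 CONNECT mklab.ltd:443 - HIER_DIRECT/203.0.113.13 -",
    "1636370105.345    180 10.0.0.40 TCP_MISS/404 500 GET http://unrelated.example.net/e4nr/ - HIER_DIRECT/203.0.113.14 text/html",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG, CONFIG):
        print(hit)
```

Hosts are compared after stripping "www." because the C2 on this page is written with the prefix while the decoys are bare domains; a client that resolves the bare name would otherwise be missed. The unlisted-host-with-campaign-path hit is deliberately kept as a lower-confidence signal rather than dropped.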
Targets

Target: POCWI191502.xlsx (201KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Signatures:
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution (vbc.exe, the signed Microsoft .NET Visual Basic compiler, is a process XLoader and Formbook commonly inject into)
- Adds Run key to start application (persistence through a Run registry key)
- Suspicious use of SetThreadContext (rewriting another thread's context is the step used by process hollowing and similar injection techniques)