General
Target: Purchase request FOR lsc-jncTrading.xlsx
Size: 693KB
Sample ID: 211110-zcqsgsacb9
MD5: 5acd1af44ebb3182c64f493e5206fa21
SHA1: 1f4a06f037467583b7c21d4a38b85fef98786b92
SHA256: b463f0df3e6049f4e5d196946c0256b51a97447d36fffb54bccb53ecc1bb032c
SHA512: 388ec5bfbd6ec216fef1f2879d03e5f8aa048dd2f6018cf20e91effd4355fd2a908e8b9b69ff7117a9e8f419d382027e94f308ded1ac491df53c779439edbf6f
Static task: static1
Behavioral task: behavioral1
  Sample: Purchase request FOR lsc-jncTrading.xlsx
  Resource: win7-en-20211104
Behavioral task: behavioral2
  Sample: Purchase request FOR lsc-jncTrading.xlsx
  Resource: win10-en-20211014
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: n58i
C2: http://www.makingitreignz.com/n58i/
Decoy domains: the 64 domains listed below. XLoader contacts a random selection of these alongside the real C2 to mask it; most are unrelated live sites, so block or hunt on the C2 host and the campaign path (/n58i/), not on the decoy list.
charlottebishop.com
afafshawwabibi.com
salomesac.com
albaelectric.info
ashcm.com
cxlgroups.com
kbittesting.com
stogelair.com
dgredg.com
smokersoutletinc.com
gdmo112.com
innovationmotive.xyz
outbarter.info
abevegege.online
peterjhill.com
fubosportsbetting.com
probristow.com
despirad.com
halloweengeneral.com
milesofsmileskinder.com
luly-boo.com
noordinaryinsurance.com
buildertest342.com
drivelingo.com
idaivos.com
ebonycamsworld.com
mooknationmedia.com
brenthagenbuch.net
rwatyz40s.xyz
ceramicfinishing.com
maliya-interiors.com
ghlmadesimple.com
4546768.rest
povxxxvideos.com
szqkjy.com
1rmg.tech
miskarangsimpang.xyz
jgjec.com
preventpor.xyz
mcdonnellanalytics.store
dsknit.com
high-clicks2.com
niceauto.mobi
kadenselection.com
firuzekahve.com
emiliaclarkedaily.net
trianglepost.press
wellorise.store
bolder.equipment
metropolitanprolifestyle.com
berthagiles.top
tanba-dekanshofarm.net
publicitysocial.com
kosener.com
atelierdesignstudio.com
solosix.club
triimio.com
sukoteishu.com
industrialsblockxchange.com
jsyonghui.com
aspenceramica.com
daikondefense.com
estudioamlegal.com
abetttermountbethel.com
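The config above is only useful to defenders once the real C2 is separated from the decoys. The following is an added example (not code from the report or from the sandbox vendor) that parses the config in the flattened layout used on this page, builds a blocklist containing only the panel host, and classifies constructed proxy-log lines by whether they carry the campaign path. It assumes, as is documented for this family, that the bot reuses the same campaign path (/n58i/) on decoy hosts as on the real C2; confirm that against the captured network trace before deploying it. The log lines are constructed for illustration, and only three of the 64 decoys are repeated in the embedded config.

```python
"""Turn an extracted XLoader config into indicators and check proxy logs."""
from urllib.parse import urlsplit

# Config in the layout the report uses: family, version, campaign id, real
# C2 URL, then decoy domains. Copied from the report above; decoy list truncated.
CONFIG_TEXT = """\
xloader
2.5
n58i
http://www.makingitreignz.com/n58i/
charlottebishop.com
afafshawwabibi.com
salomesac.com
"""

# Constructed proxy log lines (client, method, URL); not from the report.
SAMPLE_LOG = [
    "10.0.0.15 GET http://www.makingitreignz.com/n58i/?ab12=xyz",
    "10.0.0.15 POST http://www.charlottebishop.com/n58i/",
    "10.0.0.22 GET http://www.charlottebishop.com/",
    "10.0.0.22 GET http://example.org/n58i/",
]


def _norm(host):
    """Lower-case a hostname and drop a leading 'www.' so the URL form the
    bot builds (www.<domain>) matches the bare domains in the config."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def parse_config(text):
    """Split the flattened config into named fields."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    family, version, campaign, c2 = lines[:4]
    parts = urlsplit(c2)
    return {
        "family": family,
        "version": version,
        "campaign": campaign,
        "c2": c2,
        "c2_host": _norm(parts.hostname),
        "path": parts.path,  # "/n58i/": the campaign id reused as the URI path
        "decoys": {_norm(d) for d in lines[4:]},
    }


def blocklist_hosts(cfg):
    """Only the real panel host is a safe block/hunt indicator; the decoys
    are mostly legitimate sites the bot touches to hide the real C2."""
    return {cfg["c2_host"]}


def classify_request(cfg, host, path):
    """Rate one request. Any request carrying the campaign path indicates an
    infected client; the host it went to tells you which kind of beacon."""
    if not path.startswith(cfg["path"]):
        return None  # ordinary visits to decoy domains stay silent
    h = _norm(host)
    if h == cfg["c2_host"]:
        return "c2"
    if h in cfg["decoys"]:
        return "decoy-beacon"
    return "beacon-pattern"  # campaign path on a host not in this config


def scan_log(cfg, lines):
    """Return (client, verdict, host) for every log line that matches."""
    hits = []
    for line in lines:
        client, _method, url = line.split(maxsplit=2)
        parts = urlsplit(url)
        verdict = classify_request(cfg, parts.hostname, parts.path)
        if verdict:
            hits.append((client, verdict, parts.hostname))
    return hits


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print("block:", sorted(blocklist_hosts(cfg)))
    for hit in scan_log(cfg, SAMPLE_LOG):
        print(*hit)
```

Note that the plain visit to charlottebishop.com produces no hit: matching on the campaign path rather than on the decoy domains is what keeps the rule from firing on every user who browses to one of the 64 unrelated sites.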
Targets
Target: Purchase request FOR lsc-jncTrading.xlsx (693KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures:
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext (thread-context manipulation of the kind used for process hollowing and code injection)