General
Target: 4857534413438976.zip
Size: 12KB
Sample: 211117-1mhejaeag5
MD5: 246f6e341a018a190858461e5d70a3d5
SHA1: ab7fc9fce66be0adab63ba60bced3917af44111c
SHA256: 3d6efe59037f7b5399b5ca0b40fa9ed242894f5be067473ef67c415fdac3fe08
SHA512: ad27e2028b5f9c1bce4ae16a868cedf42ca2a76350189eb17d086f76774e84af1b38e6e1fc97ed9b91516822feac6061f2bfbb3697aad8ca7681d53052397d93
Static task: static1
Behavioral task: behavioral1
Sample: 6ffda0323b69bb875a8360bcdd18b398a463d3de88bb11e6511a3b3bffe5b753.xlsm
Resource: win7-en-20211104
Malware Config
Extracted: http://84.252.122.205/xcx/system.exe
Extracted: xloader 2.5, pufi, http://www.homestechs.com/pufi/
fusiongroupgames.net
hugevari.com
rebeccagriffiths.com
trocaoferta.com
theslashapp.com
codezonesoftware.xyz
sottocommunications.com
minicreators.online
course2millions.com
hfm5n1dhkjqwpe.xyz
xlab-ub.com
silvanaribeirocake.com
thefabinteriordesign.com
mg-leadership.com
petbort.com
ndust.net
203040302.xyz
jakital.com
shophuunghia.info
rednacionaldejuecesrd.net
mauricioeanderson.com
robinbirrell.top
zarazira.com
rescueandrestoreministries.net
tureformamadrid.com
heesafe.com
mistergoo.com
reklamilanlar018.xyz
dailygossiping.com
theebook.guru
keepkalmm.com
teamlsu.club
kendyraedesigns.com
suddennnnnnnnnnnn13.xyz
panaceapp.com
visionaryking83.com
50003008.com
bikingforbalance.com
nishiki-sougou.com
bricokitchen.com
478739.com
donaldpowers.store
lesspricebd.com
xn--tfr61gf5uuhm.group
mysterypowerbike.com
fractalmerch.xyz
foreverphotos0910.net
hungama-play30.online
negotrad.com
afroonline.net
avalche.com
northfacemall.online
deals4me.store
nadanadif.com
lnstagrarn-security.com
lewismiddleton.com
tefatistmus.quest
adavici.com
madnext.online
astraherb.com
phnurse.com
opinionprofesional.com
gameshill.net
kagakubushitsu.com
Targets
Target: 6ffda0323b69bb875a8360bcdd18b398a463d3de88bb11e6511a3b3bffe5b753
Size: 14KB
MD5: 70820ac2bb527bb0a10747a06d2c2b0b
SHA1: 7289b7ddcdcaa9450c27e1579f36d67a544cee80
SHA256: 6ffda0323b69bb875a8360bcdd18b398a463d3de88bb11e6511a3b3bffe5b753
SHA512: 64be67485be70ac5aa2539a88c9846282d7178e13a46895d4686ff0ce79378bf9ed4ee7bec00cb88abc0e2e8bb41a9b9ef38aa4ff25b4e4dc6334a96ad1ee4b5
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext