General
Target: SHIPPING-DOC.xlsx
Size: 228KB
Sample ID: 211119-j9kpqscgc3
MD5: dfd2b8cbb44d1484243e6af091feb34d
SHA1: 734f74e75da86a282e03eb874daf93bbb12864a1
SHA256: d20d22cdd9af5bde44d0f1c11f915f13dbc97ed3ab3114eacbe7edc48b11e540
SHA512: e167710a475f41d94dee41fba09361aa8d867d442726c93ed8d8624bfd2561770b63ff592239e357fc20905ca314fb95abba401ce0209a6e6daf670e0797de8b
Tasks
Static task: static1
Behavioral task: behavioral1 (sample SHIPPING-DOC.xlsx, resource win7-en-20211014)
Behavioral task: behavioral2 (sample SHIPPING-DOC.xlsx, resource win10-en-20211104)
Malware Config (extracted)
Family: xloader
Version: 2.5
Campaign: i3gs
C2: http://www.casacampestreelrocio.com/i3gs/
Decoy domains: the hostnames below are the decoy list carried in the config. XLoader/Formbook beacons to a random subset of them alongside the real C2, so a bare hit on one of these hostnames is a weak indicator (they are ordinary third-party sites); the C2 host and the /i3gs/ campaign path are the high-confidence indicators.
mobizoneoficial.com
gkdesignerjal.com
takut8.com
yh88ff.com
zauqeshayari.com
wil-wei.store
baipees.com
pawaddictsva.com
sexnft.xyz
guizuzbj.com
impfpflicht.net
australiaaddictioncenters.com
beatsingh.com
fominospratico.com
papeisonline.com
asesoriaventajoyas.com
climasfesan.com
foodfar.space
dailyhealthelp.com
blackmagiccomics.com
officialprokodsukses.icu
poeticmodern.com
konfliktschlichter.com
psquarekiddieswatch.com
chascrt.com
theselfishbrandofficial.com
assetsunlimitted.com
lacoliteracy.solutions
angrybirds-game-online.com
golnay.com
vrchneistine.quest
adeelrazza.com
deirdrelewis.com
atownspiceshop.com
ss-traders.net
monsieurtechno.com
iddh5.com
stratejikfokus.online
mehmetmercan.com
drezodecor.com
wetandwild.net
sheriedavismusic.com
nonendangered.com
jollystnpasumo5.xyz
nicedoula.store
jrljjsb.com
twainteam.com
stockholderdemocracy.com
amilma.xyz
capitalshareclub.com
karadaluck.com
smartcontractproauditor.com
xn--mst-amsterdam-imb.com
trustfundmc.xyz
limitlessmotorsinc.com
southeasterninsgroup.com
pavitrafabtech.com
300editors.com
thesolsticestore.com
alqeen.com
ny-homerentals.com
xn--zfrpk130c0lb.xn--czru2d
cuttingpaprika.com
superaltars.com
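One way to turn the extracted config into detection logic, as an added example for this report (not Triage's output or the malware's own code): it loads the C2 URL, derives the campaign path, keeps a subset of the decoy hostnames, and classifies outbound URLs from a proxy log. The severity policy (C2 host or campaign path on any host is high, a decoy hostname on its own is low) is this example's assumption, and the proxy log lines are constructed; the IOC strings are copied from the config above.

```python
"""IOC matching for the xloader 2.5 / i3gs config extracted above.

Added example for this report, not Triage's or the malware's own code.
The proxy log lines are constructed; the C2 URL, campaign id and decoy
hostnames are copied from the extracted config.
"""
from urllib.parse import urlsplit

C2_URL = "http://www.casacampestreelrocio.com/i3gs/"   # from the config
C2_HOST = urlsplit(C2_URL).hostname                     # www.casacampestreelrocio.com
CAMPAIGN_PATH = urlsplit(C2_URL).path                   # /i3gs/ (campaign id "i3gs")

# Subset of the decoy hostnames from the config; the full list is above.
DECOY_DOMAINS = frozenset({
    "mobizoneoficial.com", "gkdesignerjal.com", "takut8.com", "yh88ff.com",
    "zauqeshayari.com", "wil-wei.store", "baipees.com", "impfpflicht.net",
    "sexnft.xyz", "deirdrelewis.com", "cuttingpaprika.com", "superaltars.com",
})


def _matches_domain(host, domains):
    """True if host equals or is a subdomain of any entry in domains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def classify_url(url):
    """Return (severity, reason) for one outbound URL, or None if it
    matches nothing in the extracted config.

    Severity policy (this example's assumption, not the sandbox's):
      high - the real C2 host, or the campaign path on any host
      low  - a decoy hostname without the campaign path (these are
             ordinary third-party sites, so normal browsing hits them)
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    if host == C2_HOST:
        return ("high", "real C2 host from extracted config")
    if path.startswith(CAMPAIGN_PATH):
        # Beacons to decoys reuse the campaign path, so the path alone is
        # strong evidence of the implant even on an otherwise benign host.
        return ("high", "campaign path %s on %s" % (CAMPAIGN_PATH, host))
    if _matches_domain(host, DECOY_DOMAINS):
        return ("low", "decoy hostname only; corroborate with the client's other requests")
    return None


# Constructed proxy log: "<time> <client-ip> <method> <url> <status>"
SAMPLE_LOG = """\
2021-11-19T10:02:11Z 10.0.0.15 GET http://www.casacampestreelrocio.com/i3gs/?4j2=ab12 200
2021-11-19T10:02:12Z 10.0.0.15 POST http://www.mobizoneoficial.com/i3gs/ 404
2021-11-19T10:05:40Z 10.0.0.23 GET https://impfpflicht.net/ 200
2021-11-19T10:06:01Z 10.0.0.23 GET https://example.org/index.html 200
"""


def scan_log(text):
    """Run classify_url over each log line; return the hits in log order."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue                      # skip malformed lines
        time, client, _method, url, _status = fields[:5]
        verdict = classify_url(url)
        if verdict is not None:
            hits.append({"time": time, "client": client, "url": url,
                         "severity": verdict[0], "reason": verdict[1]})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("%(severity)-4s %(client)s %(url)s  # %(reason)s" % hit)
```

On the constructed log the first two lines score high (C2 host, then the /i3gs/ path on a decoy host), the third scores low (decoy hostname only), and the fourth is ignored. In practice, pair a low hit with the same client's other requests or with the process-level signatures below before escalating.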
Targets
Target: SHIPPING-DOC.xlsx (228KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures triggered:
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution (vbc.exe launched as part of the chain)
- Suspicious use of SetThreadContext (the thread-hijack step typical of process hollowing style injection)
Note: the hashes on this page identify only the .xlsx lure. The XLoader payload is fetched at run time ("Downloads MZ/PE file", "Executes dropped EXE"), so its hash is not recorded here and blocking the lure hashes alone does not cover the second stage; the C2 host and campaign path from the config are the more durable indicators.