General
Target: P.O-5433ERE.doc
Size: 21KB
Sample: 211125-vf983sbbh2
MD5: 17ca06000e92058f0d43259b2683537c
SHA1: db453e5125310d209fe04fb0211677d79d25f3ee
SHA256: 3c9280552a4129fdf884414b080c80d5ffc72403079d7a5292e9b09d832ab37d
SHA512: 3e05cc9f7284eb7a1d6756380882b0b1b2d89ce42b887e6c28c49342a9ce61157392997f7bdd96add1fbeefe3ea2ce07c14e8b1e6b245488a2c248d0b8e51148
Static task: static1
Behavioral task: behavioral1
Sample: P.O-5433ERE.doc
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: P.O-5433ERE.doc
Resource: win10-en-20211014
Malware Config
Extracted
xloader
2.5
op9t
http://www.fcusd4.com/op9t/
Targets
Xloader Payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext