General
Target: list.xlsx
Size: 182KB
Sample: 220121-mxb4lsbee6
MD5: 73bafd13dd3a637036a13fca6fb1b232
SHA1: e8a56b2195a47a5d57a9800847257e30a0d94ff6
SHA256: 0f5826444c6b1941a7bbf999ae4aa7488b96d57732be19d4f0ac87415cf26beb
SHA512: b62173346507b78d7649ce8255d298150183c0d828eb777214f7df1df259fc1e9b0af5aaa66dbeed1636bc736764d3cc1041af7c29bc236b1141c86f058a5a92
Static task: static1
Behavioral task: behavioral1 (sample: list.xlsx; resource: win7-en-20211208)
Behavioral task: behavioral2 (sample: list.xlsx; resource: win10-en-20211208)
Malware Config
Extracted: xloader 2.5 (jdo2)
Domains (xloader configurations mix decoy domains with the live C2, so treat these as indicators to hunt on rather than confirmed C2 servers):
- adopte-un-per.com
- lmandarin.com
- shonemurawni.quest
- bantasis.com
- jsdigitalekuns.net
- hiddenroom.net
- arungjerampangalengan.com
- yinghongxw.com
- buzzcupid.com
- lattent.digital
- faxtoemailguide.com
- romanticfriryrose.com
- ruleaou.com
- mochiko-blog.com
- sekireixploit.com
- bcx-wiremesh.com
- jobportalsg.com
- wysspirit.com
- iflycny.com
- sh-cy17.com
- kryptolaunches.com
- studio-levanah.com
- iotnews.xyz
- scznjt.com
- puppizy.com
- sportax.store
- musicnjoy.art
- thenerdyarkade.com
- prelacies.info
- eastwebdesign.com
- clients-schwab.com
- freemsw.com
- propertytaxtt.com
- camelammo.com
- udidactica.com
- nutriorlando.com
- logichome.store
- brickge.com
- gnews24.press
- cryptofuelcars.com
- giftcodefreefirevns.com
- xn--wnys27c.xyz
- 123sabi.com
- drnxskop.xyz
- guiadescontopromocional.com
- traderro.com
- oilsandsresources.com
- dosmed.store
- bullmediamarketing.com
- brainnwave-uk.com
- situspokergames.club
- lowestfars.com
- x99av2.xyz
- bungaauraprediction.com
- companyintel.direct
- netzastronaut.com
- abouttofeast.com
- roleplaysaga.com
- postkz.host
- sobheweb.com
- exit-10-exodus.com
- oxanger.com
- onehundredwomennash.com
- decamento.com
- remover-erro.com
Targets
Target: list.xlsx (182KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures:
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext