General
Target: STATEMENT OF ACCOUNT.xlsx
Size: 187KB
Sample: 220127-qb4hhsded5
MD5: 66e2bb43ed1a5a87616c08672e306092
SHA1: 70d980e7abf781b278ef3203effd7180ffc97b19
SHA256: 8eb9b1f63d88f5f81ee3de3131f4387de6bd005d9b79d4a0ce3a32703e2e84ef
SHA512: 1381454b6378de92a0444ebd0a1fd7d8bb3c0d8603b7404d9e166a019e6ceb5743b7169626bae6b966c7a2e1a7f20a5dbd48f53abeb234e5c4a3618ce7a5bca0
Static task: static1
Behavioral task: behavioral1 (Sample: STATEMENT OF ACCOUNT.xlsx; Resource: win7-en-20211208)
Behavioral task: behavioral2 (Sample: STATEMENT OF ACCOUNT.xlsx; Resource: win10-en-20211208)
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign ID: dpzz
C2 domains (65 listed; XLoader pads its config with decoy domains alongside the live C2, so treat the list as a hunting set rather than as proof that every entry is attacker-controlled):
roadstown.com
idfaltd.com
infotechsearchgroup.com
elcuentodelaprincesa.com
youkutiyu88.com
wildparkresort.com
iss-sa.com
jmglaser.com
criticalthinking.store
cabinetsossa.com
satseconomy.com
newendtech.com
gran-piel.com
accoya.net
timothyschmallrealt.com
valentikaeventos.com
majestineprojector.com
love-austria.com
hermetikyogusmalikombi.com
karasevda-jor.com
almuniroptics.com
frutza.com
serestovfleacollar.com
sourisordinateur.com
tehoierenursery.online
conley.agency
mayyon.net
doggiheaven.com
mariachiguide.com
amainsposees.com
alleystaxs.com
ehqjewellery.com
endosstore.com
hermesuk-tracking.com
trc-clicks.com
eliteseoteam.com
nataliamoran.com
jagoq99.com
mebbofccmb116.com
adrift-affair.com
erhardlohmueller.gmbh
tambeing.com
zsl1121zj.top
satoh-shika1.com
qoyay.com
metachicago.digital
adcrypto.xyz
streamwade.com
hoehn.xyz
markarge.com
micheluxurywigs.com
vitalrhino.com
yateseuropa.com
monkenram.com
wantingatsytz.online
worldhealthorganize.com
onlyconference.com
beingnutrition.net
catalunya.network
dry.xyz
baogtech.com
yhw86.com
davidnitsche.com
sexycurvycool.com
yuuc.top
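As an added example (not part of the sandbox report), the Python below turns the 65 extracted config domains into a DNS hunting list and runs it over a few log lines. Matching walks label boundaries so subdomains of a listed name hit while look-alikes such as "notroadstown.com" do not, and hits are summarised per client so a host resolving several of these domains stands out from a single coincidental lookup. The tab-separated "timestamp, client IP, query" log layout and the sample lines are assumptions constructed for this example.

```python
"""Hunt DNS logs for the domain list extracted from this XLoader 2.5 sample
(campaign ID "dpzz").

Added example, not part of the sandbox report. The log format is a
constructed tab-separated "timestamp<TAB>client_ip<TAB>query" layout and the
sample lines are constructed; only the domain list comes from the report.
"""
from __future__ import annotations

from typing import Iterable, NamedTuple

# The 65 domains exactly as extracted from the config on this page. XLoader
# mixes decoy domains into its list, so a hit means "investigate this host",
# not "this domain is attacker-controlled".
XLOADER_DPZZ_DOMAINS: tuple[str, ...] = tuple("""
roadstown.com idfaltd.com infotechsearchgroup.com elcuentodelaprincesa.com
youkutiyu88.com wildparkresort.com iss-sa.com jmglaser.com criticalthinking.store
cabinetsossa.com satseconomy.com newendtech.com gran-piel.com accoya.net
timothyschmallrealt.com valentikaeventos.com majestineprojector.com love-austria.com
hermetikyogusmalikombi.com karasevda-jor.com almuniroptics.com frutza.com
serestovfleacollar.com sourisordinateur.com tehoierenursery.online conley.agency
mayyon.net doggiheaven.com mariachiguide.com amainsposees.com alleystaxs.com
ehqjewellery.com endosstore.com hermesuk-tracking.com trc-clicks.com eliteseoteam.com
nataliamoran.com jagoq99.com mebbofccmb116.com adrift-affair.com erhardlohmueller.gmbh
tambeing.com zsl1121zj.top satoh-shika1.com qoyay.com metachicago.digital adcrypto.xyz
streamwade.com hoehn.xyz markarge.com micheluxurywigs.com vitalrhino.com yateseuropa.com
monkenram.com wantingatsytz.online worldhealthorganize.com onlyconference.com
beingnutrition.net catalunya.network dry.xyz baogtech.com yhw86.com davidnitsche.com
sexycurvycool.com yuuc.top
""".split())


class DnsHit(NamedTuple):
    timestamp: str
    client_ip: str
    query: str       # normalised queried name
    ioc_domain: str  # config domain it matched


def normalize_domain(name: str) -> str:
    """Lower-case and drop the trailing dot so 'MAIL.Roadstown.COM.' compares equal."""
    return name.strip().rstrip(".").lower()


IOC_SET: frozenset[str] = frozenset(normalize_domain(d) for d in XLOADER_DPZZ_DOMAINS)


def match_ioc_domain(query: str, iocs: frozenset[str]) -> str | None:
    """Return the IOC domain that `query` equals or is a subdomain of, else None.

    Candidates are built on label boundaries, so 'cdn.roadstown.com' matches
    'roadstown.com' but 'notroadstown.com' does not.
    """
    labels = normalize_domain(query).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def scan_dns_log(lines: Iterable[str], iocs: frozenset[str]) -> list[DnsHit]:
    """Scan constructed 'timestamp<TAB>client_ip<TAB>query' lines for config domains."""
    hits: list[DnsHit] = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) < 3:
            continue  # malformed record: skip it rather than abort a triage run
        ts, client_ip, query = parts[0], parts[1], parts[2]
        ioc = match_ioc_domain(query, iocs)
        if ioc is not None:
            hits.append(DnsHit(ts, client_ip, normalize_domain(query), ioc))
    return hits


def hosts_by_ioc(hits: Iterable[DnsHit]) -> dict[str, set[str]]:
    """Group matched config domains per client; several distinct hits from one
    host are a far stronger signal than a single lookup of a (possibly decoy) name."""
    summary: dict[str, set[str]] = {}
    for hit in hits:
        summary.setdefault(hit.client_ip, set()).add(hit.ioc_domain)
    return summary


# Constructed sample log, not taken from the sandbox run.
SAMPLE_DNS_LOG = """
# ts\tclient_ip\tquery
2022-01-27T10:01:02Z\t10.0.0.15\twww.roadstown.com
2022-01-27T10:01:03Z\t10.0.0.15\tidfaltd.com.
2022-01-27T10:01:05Z\t10.0.0.22\tupdates.microsoft.com
2022-01-27T10:01:07Z\t10.0.0.15\tnotroadstown.com
2022-01-27T10:01:09Z\t10.0.0.31\tFRUTZA.COM
""".strip().splitlines()

if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_DNS_LOG, IOC_SET)
    for hit in found:
        print(f"{hit.timestamp} {hit.client_ip} {hit.query} -> {hit.ioc_domain}")
    for host, domains in hosts_by_ioc(found).items():
        print(f"{host}: {len(domains)} distinct config domain(s) resolved")
```

Feed `scan_dns_log` the query column of whatever resolver or DNS-telemetry source you have after mapping it to the three-field layout; the per-host summary is what to triage first.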
Targets
Target: STATEMENT OF ACCOUNT.xlsx
Size: 187KB
Hashes: MD5, SHA1, SHA256 and SHA512 identical to the General section above
Signatures:
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
Read together, the last two signatures are the usual shape of an XLoader run: the payload executes inside a legitimate Microsoft binary (the .NET VBS compiler, vbc.exe) after SetThreadContext-based injection, so the process making the network requests carries a benign-looking image path and process-name allowlists will not catch it.