General
Target: Vecchio debito_SKTGH_465585484754.xlsx
Size: 187KB
Sample: 220128-zpal2adcdr
MD5: 3ecca47c8fd3d3fe23e3de46298b346c
SHA1: 0bed1382da7ffeaf9aa0aa28e9143cffc0ec606d
SHA256: 6f401d7546fc2bd85b659a1d30a89bf21451e327e2712ab86f1a3dec421b7e64
SHA512: 535050e8fc49e158f292f802bccbc2a12fbbf1a48ff77182ab33f70425161862d623b50d4ba8a0a9818d4922601d02830d00f5723bc819b4f3131012482daee2
Static task: static1
Behavioral task: behavioral1 (sample: Vecchio debito_SKTGH_465585484754.xlsx, resource: win7-en-20211208)
Behavioral task: behavioral2 (sample: Vecchio debito_SKTGH_465585484754.xlsx, resource: win10-en-20211208)
Malware Config (extracted)
Family: xloader
Version: 2.5
Campaign: yrcy
Domains:
ordermws-brands.com
jkbswj.com
dairatwsl.com
lewismiddleton.com
hevenorfeed.com
kovogueshop.com
cyberitconsultingz.com
besrbee.com
workerscompfl1.com
wayfinderacu.com
smplkindness.com
servicesitcy.com
babyvv.com
fly-crypto.com
chahuima.com
trist-n.tech
minjia56.com
oded.top
mes-dents-blanches.com
nethunsleather.com
onlinesindh.com
genrage.com
bhalawat.com
5gwirelesszone.com
semejnyjochag.com
shopvintageallure.com
laqueenbeautybar.supplies
hominyprintingmuseum.com
taksimbet13.com
fairytalesinc.com
loversscout.com
nxn-n.com
lovebydarius.store
mintnft.tours
snowjamproductiosmedia.com
boraviajar.website
cryptointelcenter.com
m2momshealth.com
perfectionbyinjection.com
cletechsolutions.com
skin4trade.com
a9d7c19f0282.com
waltersswholesale.com
lendsoar.com
virginialandsforsale.com
shinepatio.com
nba2klocker.team
picturebookoriginals.com
chatteusa.com
bodevolidu.quest
certidaoja.com
scgxjp.com
cbd-cannabis-store.com
kadinisigi.com
vacoveco.com
hostedexchangemaintainces.com
hf59184.com
jingguanfm.com
browsealto.com
kymyra.com
xrgoods.com
dtsddcpj.com
uptimisedmc.com
redsigndesign.com
drmichaelirvine.com
Targets
Target: Vecchio debito_SKTGH_465585484754.xlsx (187KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Xloader Payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext
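The extracted config and the Suricata hits above are the parts of this report a responder actually reuses. The following is an added example (not part of the sandbox report and not the sandbox's own tooling) that parses the flat family/version/campaign/domain dump, sweeps DNS query logs for any of the listed domains, and emits one Suricata dns.query rule per domain. Assumptions: the third config line ("yrcy") is read as the campaign ID, which is how XLoader/Formbook extractors normally label it; only the first five domains of the list are reproduced inline to keep the block short; the DNS log format and the log lines themselves are constructed for the example; the generated rules use the dotprefix transform and endswith, which need Suricata 6 or later. One caveat that matters when acting on this list: XLoader, like Formbook before it, carries decoy domains alongside the real C2 and beacons to the decoys as well, so every domain is a valid traffic indicator for an infected host, but none of them can be called the C2 on this evidence alone, and some may be otherwise legitimate sites that should not be hard-blocked without review.

```python
"""
Turn an XLoader config dump (family / version / campaign / domains...) into
detection artefacts: parsed config, DNS-log sweep, Suricata dns.query rules.
Added example; the log lines and log format are constructed for it.
"""
import re
from dataclasses import dataclass, field

# Constructed copy of the extracted config block above. The page lists 65
# domains; only the first five are reproduced here.
CONFIG_TEXT = """\
xloader
2.5
yrcy
ordermws-brands.com
jkbswj.com
dairatwsl.com
lewismiddleton.com
hevenorfeed.com
"""

DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$")


@dataclass
class XLoaderConfig:
    family: str
    version: str
    campaign: str  # assumed meaning of the third line ("yrcy")
    domains: list = field(default_factory=list)


def parse_config(text: str) -> XLoaderConfig:
    """Parse the flat dump. Every domain is kept: decoys beacon too, so all of
    them are usable as traffic indicators, though none is proven to be the C2."""
    lines = [l.strip().lower() for l in text.splitlines() if l.strip()]
    if len(lines) < 4:
        raise ValueError("config block too short")
    family, version, campaign, *domains = lines
    bad = [d for d in domains if not DOMAIN_RE.match(d)]
    if bad:
        raise ValueError(f"non-domain entries in config: {bad}")
    return XLoaderConfig(family, version, campaign, domains)


def normalise_qname(qname: str) -> str:
    """Lower-case and strip the trailing dot that DNS logs often carry."""
    return qname.strip().lower().rstrip(".")


def matches_domain(qname: str, domain: str) -> bool:
    """True if qname is the domain itself or a subdomain of it.
    'notjkbswj.com' must NOT match 'jkbswj.com', hence the label-boundary check."""
    q = normalise_qname(qname)
    return q == domain or q.endswith("." + domain)


def scan_dns_log(lines, cfg: XLoaderConfig):
    """Return (timestamp, client, qname, matched_domain) for each hit.
    Constructed log format: '<ts> <client_ip> <qtype> <qname>'."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of aborting the sweep
        ts, client, _qtype, qname = parts
        for d in cfg.domains:
            if matches_domain(qname, d):
                hits.append((ts, client, normalise_qname(qname), d))
                break
    return hits


def suricata_dns_rules(cfg: XLoaderConfig, sid_start: int = 1000001):
    """One Suricata 6+ rule per domain; dotprefix + endswith covers the
    domain and its subdomains without matching 'notjkbswj.com'."""
    rules = []
    for i, d in enumerate(cfg.domains):
        rules.append(
            f'alert dns any any -> any any (msg:"{cfg.family} {cfg.version} '
            f'campaign {cfg.campaign} domain {d}"; dns.query; dotprefix; '
            f'content:".{d}"; endswith; sid:{sid_start + i}; rev:1;)'
        )
    return rules


# Constructed DNS log lines: a subdomain hit, an upper-case query with a
# trailing dot (normalisation), a label-boundary near-miss, a benign query,
# and a malformed line.
SAMPLE_DNS_LOG = [
    "2022-01-28T10:01:02Z 10.0.0.5 A www.jkbswj.com",
    "2022-01-28T10:01:03Z 10.0.0.5 A DAIRATWSL.COM.",
    "2022-01-28T10:01:04Z 10.0.0.7 A notjkbswj.com",
    "2022-01-28T10:01:05Z 10.0.0.7 A example.com",
    "garbage line",
]

if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    for hit in scan_dns_log(SAMPLE_DNS_LOG, cfg):
        print("HIT", *hit)
    print("\n".join(suricata_dns_rules(cfg)))
```

Feed the full 65-domain list from the report into CONFIG_TEXT to get the complete rule set; the sid range is a placeholder to be allocated from your own local range. Because the malware contacts decoys too, a single DNS hit on any of these domains from an internal host is worth triaging, but attribution of which domain is the live C2 needs the HTTP POST traffic from the behavioral run, which this report does not include.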