General

Target: Lod4.xlsx
Size: 186KB
Sample: 220131-e1zp3sfeh8
MD5: 56ef6b1e6fd2fc1dc0f874684946e22d
SHA1: 933a7a76510252a38d95f66b5da8027c8e670e0d
SHA256: ee125af12f2e57274d9319559690ab1c9403ddacc9bb337e7109c189ecf64a91
SHA512: 269c136ceb741510781a3cf0e08aea1004a84631712bdc890195c4f4d11cb2238c3e3338e659081aae2dc9ef43f0679e934734132467c6fef67c6ddea8383f28
Static task: static1

Behavioral task: behavioral1
Sample: Lod4.xlsx
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: Lod4.xlsx
Resource: win10-en-20211208
Malware Config

Extracted
Family: xloader
Version: 2.5
Campaign: ndf8
C2 domains (65):
cantobait.com
theangularteam.com
qq2222.xyz
floridasteamclean.com
daffodilhilldesigns.com
mindfulagilecoaching.com
xbyll.com
jessicaepedro2021.net
ccssv.top
zenginbilgiler.com
partumball.com
1681890.com
schippermediaproductions.com
m2volleyballclub.com
ooiase.com
sharingtechnology.net
kiminplaka.com
usedgeartrader.com
cosyba.com
foodfriendshipandyou.com
ottolimo.com
growingyourlist.com
therealvictoriabelieves.com
juststartmessy.com
giovannahuyke.biz
conditionsapplied.com
hypadel.com
hpywk.com
safepostcourier.com
heshicn.net
perfektdesigns.com
4008238110.com
29store.xyz
frasins.com
amrittrading.com
dimaiwang.com
promtgloan.com
rosalvarodriguez.com
yiqingdh.xyz
toloache-matrix.com
homevoru.com
esatescort.xyz
onlinedictionary.cloud
smarthomesecurity.online
nikisankala.com
multizoneductlessminisplits.com
32123.space
bethesdagardensloveland.com
bestpicture-toglancetoday.info
mochicascafe.com
moneylovepig.com
envisioneyecare.net
jumbul.com
onbecomingalifecoach.com
gubosaonline.com
2636654.win
ktxloo.com
side-clicks.com
spectrumassociation.com
albatrosmed.store
drsazidalsahaf.com
applykpologistics.com
rezzo-jazzavienne.com
huachen100.net
pawastreams.com
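The domain list above is the operational output of this report. As an added example that is not part of the report and not code from the sandbox: a Python script that embeds the 65 extracted domains and hunts for them in DNS query logs. Matching is done on DNS labels rather than substrings (so `www.ooiase.com` hits but `fooiase.com` does not), and queries are lowercased and stripped of a trailing dot. The log format, timestamps and client addresses are constructed for illustration. One caveat a practitioner should keep in mind: Formbook/Xloader configs mix a small number of live C2 domains with many decoys, so a hit identifies a host worth triaging, not proof of C2 contact on its own.

```python
"""Hunt DNS logs for the C2 domain list from the Lod4.xlsx Xloader 2.5 report."""
from collections import Counter
from typing import Iterable, Optional

# The 65 domains from the extracted config (family xloader, version 2.5,
# campaign id ndf8), copied from the report above.
XLOADER_NDF8_DOMAINS = frozenset("""
cantobait.com theangularteam.com qq2222.xyz floridasteamclean.com
daffodilhilldesigns.com mindfulagilecoaching.com xbyll.com jessicaepedro2021.net
ccssv.top zenginbilgiler.com partumball.com 1681890.com
schippermediaproductions.com m2volleyballclub.com ooiase.com sharingtechnology.net
kiminplaka.com usedgeartrader.com cosyba.com foodfriendshipandyou.com
ottolimo.com growingyourlist.com therealvictoriabelieves.com juststartmessy.com
giovannahuyke.biz conditionsapplied.com hypadel.com hpywk.com
safepostcourier.com heshicn.net perfektdesigns.com 4008238110.com
29store.xyz frasins.com amrittrading.com dimaiwang.com
promtgloan.com rosalvarodriguez.com yiqingdh.xyz toloache-matrix.com
homevoru.com esatescort.xyz onlinedictionary.cloud smarthomesecurity.online
nikisankala.com multizoneductlessminisplits.com 32123.space bethesdagardensloveland.com
bestpicture-toglancetoday.info mochicascafe.com moneylovepig.com envisioneyecare.net
jumbul.com onbecomingalifecoach.com gubosaonline.com 2636654.win
ktxloo.com side-clicks.com spectrumassociation.com albatrosmed.store
drsazidalsahaf.com applykpologistics.com rezzo-jazzavienne.com huachen100.net
pawastreams.com
""".split())


def matching_ioc(qname: str, iocs=XLOADER_NDF8_DOMAINS) -> Optional[str]:
    """Return the IOC domain that qname equals or is a subdomain of, else None.

    Walking the label suffixes ('www.ooiase.com' -> 'ooiase.com' -> 'com')
    catches subdomains of an IOC without the substring false positive of
    'fooiase.com' matching 'ooiase.com'.
    """
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def scan_dns_log(lines: Iterable[str], iocs=XLOADER_NDF8_DOMAINS):
    """Parse '<timestamp> <client_ip> <qname> <qtype>' lines (a constructed
    format, not any particular resolver's) and return one tuple
    (timestamp, client, qname, matched_ioc) per query that hits the list."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # blank or malformed line
        ts, client, qname = parts[0], parts[1], parts[2]
        ioc = matching_ioc(qname, iocs)
        if ioc is not None:
            hits.append((ts, client, qname, ioc))
    return hits


def clients_by_hits(hits):
    """Count matching queries per client so the noisiest host is triaged first."""
    return Counter(client for _, client, _, _ in hits)


# Constructed sample log; this is not traffic captured from the sandbox run.
SAMPLE_LOG = """
2022-01-31T09:12:01Z 10.0.0.14 www.ooiase.com A
2022-01-31T09:12:03Z 10.0.0.14 fooiase.com A
2022-01-31T09:12:05Z 10.0.0.21 cdn.example.net A
2022-01-31T09:12:09Z 10.0.0.14 pawastreams.com A
2022-01-31T09:12:11Z 10.0.0.33 32123.space AAAA
2022-01-31T09:12:12Z 10.0.0.14 mail.qq2222.xyz. MX
""".strip().splitlines()

if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_LOG)
    for ts, client, qname, ioc in found:
        print(f"{ts} {client} {qname} -> {ioc}")
    print("queries per client:", dict(clients_by_hits(found)))
```

Feed `scan_dns_log` the lines of your own resolver export after adapting the three-field parse; the label-suffix matching in `matching_ioc` is the part worth keeping as-is, since substring matching against a list this size produces noise.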
Targets

Target: Lod4.xlsx
Size: 186KB
MD5, SHA1, SHA256, SHA512: as listed under General above

Signatures
Xloader Payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext