General
-
Target
Payment Advice.xlsx
-
Size
187KB
-
Sample
220209-kbaybahfc8
-
MD5
dc01121346f71cb161d7f643235effd1
-
SHA1
4d0e5c5a56a86d049e815e1c8939066aea4fc592
-
SHA256
17f71f787c12cec37909e4355791ab91c28710248769c1b39a1ac819c04c3d8a
-
SHA512
fdcdfa5c44cfb776b2ffa11d200c14fccc3b8d25611bc93e40e87583ce953f3e156fbfcb2dcdb0447e64a3d43a1573023199b65af5eb82d48bc0998115b30b4b
Static task
static1
Behavioral task
behavioral1
Sample
Payment Advice.xlsx
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
Payment Advice.xlsx
Resource
win10v2004-en-20220113
Malware Config
Extracted
xloader
2.5
o6tg
Targets
-
-
Target
Payment Advice.xlsx
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-