General
Target: Envio de documento_DHL 22_02_2022.xlsx
Size: 186KB
Sample: 220223-jdl8pahch9
MD5: 05f91845566d3742dc8fb9443ede69f0
SHA1: 1d8a64bab1040ca7fd0a36fa40a4869038d54c7f
SHA256: fb624084468d7c727ce92a9257781be69dac3cb13ba42bce978b56a7466aafc3
SHA512: 03f3c22ca3fe18566697cc26e54fe46236fa0210b4a50235e1fa18a2710d78183240551995c3d58636dabe488d7aedde389a7d0216bba3f822daaa9d53412d60
Static task: static1
Behavioral task: behavioral1
Sample: Envio de documento_DHL 22_02_2022.xlsx
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: Envio de documento_DHL 22_02_2022.xlsx
Resource: win10v2004-en-20220112
Malware Config
Extracted: xloader, version 2.5, yrcy
Targets
Target: Envio de documento_DHL 22_02_2022.xlsx
Signatures:
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext