General
-
Target
NEW ORDER FOR SUPPLY Ref PO-298721.doc
-
Size
9KB
-
Sample
220518-s7v75aebcr
-
MD5
999da45debe8277aa7669c3794c3e20a
-
SHA1
4f5d7562a57253fc3d9e08e966a446124dc73314
-
SHA256
5a2ba485918f8ae4dbe016d972fb1106ce28e5f4a003ab86d82c49db38c921e2
-
SHA512
6ac8e668cf358d4b095b610b381921e596c5fe507238108d633e42386830863e658bec07ca1e7a3e33aa18658b40a8b6db837480f5e27b7048293c9f1378b236
Static task
static1
Behavioral task
behavioral1
Sample
NEW ORDER FOR SUPPLY Ref PO-298721.rtf
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
NEW ORDER FOR SUPPLY Ref PO-298721.rtf
Resource
win10v2004-20220414-en
Malware Config
Extracted
xloader
2.5
r007
trashpandaservice.com
mobileads.network
ascolstore.com
gelsinextra.com
bonestell.net
heitoll.xyz
ceapgis.com
mon-lapin.biz
miq-eva.com
rematedesillas.com
playingonline.xyz
hausense.quest
tnyzw.com
appsdial.com
addcolor.city
hagenoblog.com
michaelwesleyj.com
she-zain.com
lorhsems.com
karmaserena.com
avatarrooms.com
friendsofrythmia.com
hdnhwy.com
firstnightfanfiction.net
vixflow.com
b8ceex.com
generatespeed.com
vaps02.com
climate-crisis.team
saturdaynightl.com
baro-drom.com
talleyresort.com
doctruyenovergeared.com
mogli-designz.info
politiciantunnel.com
housesyrron.com
troibrown.com
go-svetovanje.com
littlebittech.com
totallyglamplans.com
primeusatv.com
leifengping.com
halalfreshdelivery.com
gumbosgeorgetown.com
alittleraeoflight.com
xn--tckybzdtby655a5tj.xyz
wgassllc.xyz
craftandcloud.com
attorneyyochum.com
cryptocourse.one
bloomintegratedwellness.com
partypirateboatrentals.com
chainmio-top.xyz
mrjsloan.com
merryutilityservices.net
zglingbishi.com
wytchbytch.com
michigansharkettes.com
gerizon.net
texcelmed.com
cafe21-3.com
freemovies123.online
ungalfresh.com
sendungs.com
iot-vn.com
Targets
-
-
Target
NEW ORDER FOR SUPPLY Ref PO-298721.doc
-
Size
9KB
-
MD5
999da45debe8277aa7669c3794c3e20a
-
SHA1
4f5d7562a57253fc3d9e08e966a446124dc73314
-
SHA256
5a2ba485918f8ae4dbe016d972fb1106ce28e5f4a003ab86d82c49db38c921e2
-
SHA512
6ac8e668cf358d4b095b610b381921e596c5fe507238108d633e42386830863e658bec07ca1e7a3e33aa18658b40a8b6db837480f5e27b7048293c9f1378b236
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-