General
Target: ea3f4c561877e6ed6e5dcb7b58b147c9
Size: 249KB
Sample: 220616-lhd4zscgdp
MD5: ea3f4c561877e6ed6e5dcb7b58b147c9
SHA1: c3a26e2176171bfa232b4eb4562ed29859fc8853
SHA256: 5dac05f27ed9d91e3e24a2f61fcc9704bf9e0db42daaf00c8b4b777c88cc3c5c
SHA512: 3cbee9bc7466d91888480d9e21e85e6a255c385817fe3fec8d6acce74244e52e516656ac9c2791af937db9cb074059299ab60f59b196068309b49cf89eb2a2f5
Static task: static1
Behavioral task: behavioral1
  Sample: MLSC-Shipping Documents.xlsx
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: MLSC-Shipping Documents.xlsx
  Resource: win10v2004-20220414-en
Malware Config
Extracted
xloader
2.6
grh2
xk0brx90clasle.xyz
xu0dmczr2rl4f5.xyz
ethiou.com
holtanalytical.site
bdswissminingtech.com
kardspodcast.com
phoenixtx.net
worldsriot.com
xn--cssvis15p.top
aydenalice.com
vinnyandfrens.com
greks33.com
clickintestinal.com
manningscr.com
ptryiuhfdsbc9522.xyz
cottageindentchi.xyz
ekknag-udps.tech
thedwordbydh.com
veganin.tech
leon-bet-uz.com
talkytroop.online
spikeserver.xyz
fnkg5xru.xyz
carefreeadventurer.com
elitetoronto.net
mysaucan.xyz
jnsmxyl.com
velas.group
wecanistanbul.com
kansashealthsystem.net
ephemeraunlimited.com
tadesseautoservice.com
ventadecasasenanapoima.com
rentcamperitaly.com
beinglaboratory.net
containercapsptyltd.xyz
mobilenotaryconnection.net
rkbet51.xyz
renewy.cfd
chengdubangdao.com
fb7w.com
dx672.com
mimaed.com
ygocard.xyz
catdp.com
vietcrawl.com
bodog-review.com
humoradvocate.com
palswalk.com
wallet-poocoin.com
webdoan.online
interest-spot.com
fashionrongo.com
fjg0042.xyz
doctormoonhattan.xyz
rbtez7.store
marcelhladik.online
biu3w8.com
stpaulumcjbr.com
hsy-iso.com
printcubetechnologies.com
xn--feiwrgli-3za.com
bowt.us
w8spdfxooi.xyz
shop4scrubs.com
Targets
Target: MLSC-Shipping Documents.xlsx
Size: 181KB
MD5: 670993b8a4a75f7e7078b1c8e92ca5a1
SHA1: 813be857ea8da95c8613ed813aaf118f761e3096
SHA256: 0228f98d83b52281560b57fa73d47b773621409a2bb0cd0c9a1d2e0ac882684a
SHA512: db20486318115c3d3ce20bc61cdd20f00b16500f69200c9df129e2d61951ccc233f8ac25b470cc90eefb9332c473cb980d410243987bc8ef677e2fdb0311401c
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext