General
Target: ORIGINAL DOCS (INVOICES-BL-PACKING LIST).xlsx
Size: 167KB
Sample: 220707-ggvywseael
MD5: 427844798df6d54274eb9dbb7ccf2859
SHA1: ee430c29a1584d4ec0326b9ef244865bc9148b70
SHA256: 52061b89eea6713279a56c1d0075b94c2dbda96772592271b9200c81a0941426
SHA512: 69b8f81ee43e90db550463f54e01144240d768874c9f94dd782361ff8bd23517f8e9b600849d467dfc9a9d4fe11d601c8c29d8a91e87a50add681fc68f51e5dd
Static task: static1
Behavioral task: behavioral1
  Sample: ORIGINAL DOCS (INVOICES-BL-PACKING LIST).xlsx
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: ORIGINAL DOCS (INVOICES-BL-PACKING LIST).xlsx
  Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: xloader
Version: 2.6
a2es
Domains:
glutenfreebahrain.com
sportrid.com
js-films.com
cie-revolver.com
outsourcinginstitutebd.com
roboticsdatascience.com
tebrunk.com
needgreatwork.com
df1b8j2iwbl33n.life
voluum-training.com
cherna-roza.com
xiyouap.com
bluefiftyfoundation.com
angolettomc.com
yhcp225.com
keondredejawn.com
ifeelsilky.com
coraorganizing.com
smartmindstutorials.com
tanphucuong.info
cxy.cool
criatorioimperial.online
timelyzer.com
chounvwd.com
taxidrivertrading.com
vooyage.xyz
mbtq.financial
tmshop.ma
newexmag.com
wildblumebmd.com
faucetvddw.club
sexism.info
precisionspinecolorado.com
jmigy.com
theplayhouse88.com
theskinrevive.com
envisionexpereience.com
matuschekandcompany.com
zouyuting.com
loansbill-pay.website
albertoalaniz.space
elfstore.net
klapia.online
panxiaozhi.net
soprodutosgeniais.com
amstorex.com
tiktokrycy41.xyz
datisbrick.com
hotelnoucanguillem.com
prekkr.com
jensenko.com
spiritualteashop.com
cyberdyne.world
0xauetw0ye50f.xyz
berendsit.com
kalycollcwn.info
tonenusdt.xyz
ckhla.com
igralki.com
princesskinnymixers.com
tvmountinstallguy.com
choicegoodsshop.com
diamont-services.com
mideazhiyou.com
katescakesandcreations.com
Targets
Target: ORIGINAL DOCS (INVOICES-BL-PACKING LIST).xlsx
Signatures:
  Xloader Payload
  Blocklisted process makes network request
  Downloads MZ/PE file
  Executes dropped EXE
  Abuses OpenXML format to download file from external location
  Loads dropped DLL
  Uses the VBS compiler for execution
  Suspicious use of SetThreadContext