General
Target: Order Confirmation deliv 29-07-2022 if settled 50%.xlsx
Size: 49KB
Sample: 220727-zj95psdbc5
MD5: 8d30407d92f85d9f2ec4961a6255b5bb
SHA1: cda4b0df74fc0a7cad551dd60e3a61d05164c1e5
SHA256: ef140be8154ae5421678e4f00bb703a82dba271782bd603d2930e4b10dcc4f28
SHA512: fea5c8d52bd66f5ab39d616e3cc0b80315faadccd53f0fb03291cea388d8dc89d4e745521875704bfa28a7ce81fcd6f906cedb178e96461476b0efe3882d4107
Tasks
Static task: static1
Behavioral task behavioral1 (sample: Order Confirmation deliv 29-07-2022 if settled 50%.xlsx, resource: win7-20220715-en)
Behavioral task behavioral2 (sample: Order Confirmation deliv 29-07-2022 if settled 50%.xlsx, resource: win10v2004-20220722-en)
Behavioral task behavioral3 (sample: decrypted.xlsx, resource: win7-20220718-en)
Behavioral task behavioral4 (sample: decrypted.xlsx, resource: win10v2004-20220721-en)
Malware Config
Extracted
Family: xloader
Version: 2.6
Campaign ID: zgtb
Domains (65). Xloader, like Formbook before it, embeds one live C2 among decoy domains and beacons to several entries from the list, so the whole set is useful as a detection input but this report does not identify which entry is the real C2:
gabriellep.com
honghe4.xyz
anisaofrendas.com
happy-tile.com
thesulkies.com
international-ipo.com
tazeco.info
hhhzzz.xyz
vrmonster.xyz
theearthresidencia.com
sportape.xyz
elshadaibaterias.com
koredeiihibi.com
taxtaa.com
globalcityb.com
fxivcama.com
dagsmith.com
elmar-bhp.com
peakice.net
jhcdjewelry.com
moradagroup.tech
luminantentertainment.com
originalfatfrog.com
istanbulbahis239.com
digismart.cloud
egclass.com
video-raamsdonk.online
enjoyhavoc.online
elegantmuka.com
crememeup.store
gasgangllc.com
worldmarketking.com
johnywan.icu
ctxd089.com
vipbuy-my.com
cboelua.com
sitesv.com
7788tiepin.com
unionfound.com
freecrdditreport.com
symmetrya.online
thinoe.com
line-view.com
immobilien-mj.com
alignedmagic.com
mecontaisso.com
plumberbalanced.com
zhouwuxiawu.com
obokbusinessbootcamp.com
chance-lo.com
jujuskiny.com
kkrcrzyz.xyz
daquan168.com
groupeinvictuscorporation.com
leadswebhosting.com
payphelpcenter950851354.info
subvip60.site
ink-desk.com
luminaurascent.com
jivraj9india.com
topproroofer.com
nxteam.net
can-amexico.com
premhub.club
zs-yaoshi.com
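To turn the extracted domain list into something a SOC can run, the following added example (not part of the sandbox report and not the malware's code) sweeps DNS query log lines for exact or subdomain matches against all 65 config domains, walking label boundaries so that look-alike names such as notgabriellep.com do not produce false hits. The log format, hostnames and log lines are constructed for illustration; only the domain list comes from the config above, and because Xloader mixes decoys with its real C2, a hit is a triage lead rather than proof of C2 contact.

```python
"""Sweep DNS query logs for the domains in the Xloader config above.

Added example for this report, not code from the sandbox or the malware.
Only the domain list comes from the page; the log format, hostnames and
log lines are constructed for illustration.
"""
import re

# Domain list copied from the extracted config (xloader 2.6, campaign zgtb).
# Xloader/Formbook configs mix one live C2 with decoy domains, so a hit is a
# triage lead that needs the network capture to confirm, not proof of C2.
XLOADER_CONFIG_DOMAINS = """
gabriellep.com honghe4.xyz anisaofrendas.com happy-tile.com thesulkies.com
international-ipo.com tazeco.info hhhzzz.xyz vrmonster.xyz theearthresidencia.com
sportape.xyz elshadaibaterias.com koredeiihibi.com taxtaa.com globalcityb.com
fxivcama.com dagsmith.com elmar-bhp.com peakice.net jhcdjewelry.com
moradagroup.tech luminantentertainment.com originalfatfrog.com istanbulbahis239.com
digismart.cloud egclass.com video-raamsdonk.online enjoyhavoc.online elegantmuka.com
crememeup.store gasgangllc.com worldmarketking.com johnywan.icu ctxd089.com
vipbuy-my.com cboelua.com sitesv.com 7788tiepin.com unionfound.com
freecrdditreport.com symmetrya.online thinoe.com line-view.com immobilien-mj.com
alignedmagic.com mecontaisso.com plumberbalanced.com zhouwuxiawu.com
obokbusinessbootcamp.com chance-lo.com jujuskiny.com kkrcrzyz.xyz daquan168.com
groupeinvictuscorporation.com leadswebhosting.com payphelpcenter950851354.info
subvip60.site ink-desk.com luminaurascent.com jivraj9india.com topproroofer.com
nxteam.net can-amexico.com premhub.club zs-yaoshi.com
"""
XLOADER_DOMAINS = frozenset(XLOADER_CONFIG_DOMAINS.split())

# Constructed syslog-style DNS query records (not from the sandbox run).
SAMPLE_DNS_LOG = """\
2022-07-29T09:12:01Z ws-0142 dns query A www.gabriellep.com
2022-07-29T09:12:03Z ws-0142 dns query A update.microsoft.com
2022-07-29T09:12:07Z ws-0142 dns query A ZS-YAOSHI.COM.
2022-07-29T09:12:09Z ws-0077 dns query A notgabriellep.com
2022-07-29T09:12:11Z ws-0077 dns query A a.b.honghe4.xyz
2022-07-29T09:12:13Z ws-0077 dns query AAAA thinoe.com.example.net
"""

# Assumed record layout: "<timestamp> <host> dns query <rtype> <qname>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+dns query\s+(?P<rtype>\S+)\s+(?P<qname>\S+)\s*$"
)


def normalise(qname: str) -> str:
    """Lower-case the name and drop the trailing dot of an absolute name."""
    return qname.strip().lower().rstrip(".")


def matching_ioc(qname: str, iocs=XLOADER_DOMAINS):
    """Return the config domain that qname equals or is a subdomain of, else None.

    Candidates are cut only at label boundaries, so 'notgabriellep.com' does not
    match 'gabriellep.com' and 'thinoe.com.example.net' does not match
    'thinoe.com'. Bare TLDs are never tested.
    """
    labels = normalise(qname).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def find_hits(log_text: str):
    """Parse query records and return (host, qname, matched_domain) per IOC hit."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a query record in the assumed layout
        qname = normalise(m.group("qname"))
        ioc = matching_ioc(qname)
        if ioc:
            hits.append((m.group("host"), qname, ioc))
    return hits


if __name__ == "__main__":
    for host, qname, ioc in find_hits(SAMPLE_DNS_LOG):
        print(f"{host}: {qname} -> config domain {ioc}")
```

Feed real resolver or EDR DNS telemetry through find_hits() after adapting LOG_RE to its layout; the label-boundary walk in matching_ioc() is the part worth keeping, since naive substring checks against a 65-entry list generate noise on look-alike names.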
Targets

Target: Order Confirmation deliv 29-07-2022 if settled 50%.xlsx
Size: 49KB
MD5: 8d30407d92f85d9f2ec4961a6255b5bb
SHA1: cda4b0df74fc0a7cad551dd60e3a61d05164c1e5
SHA256: ef140be8154ae5421678e4f00bb703a82dba271782bd603d2930e4b10dcc4f28
SHA512: fea5c8d52bd66f5ab39d616e3cc0b80315faadccd53f0fb03291cea388d8dc89d4e745521875704bfa28a7ce81fcd6f906cedb178e96461476b0efe3882d4107
Signatures:
- Xloader payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: decrypted (decrypted.xlsx, the sample used by behavioral3 and behavioral4)
Size: 45KB
MD5: ed7afef8265f3d85d571fb19e74b460d
SHA1: d1918dfaed320f8024444e4e3dfe30ed3620bcc7
SHA256: 455944f7122430aea2d180e477964eec7d81f8bf79e07134e2f24928e8f0f4c0
SHA512: 2cd5f7b99b32ef171ab811e62ea0c3c242b98e6978d3ccc3c85178073df92b9eb19cf27ea59d9749e4353d345ab7cc80845832cb41eed161a5500d51fd3af3fa
Signatures:
- Xloader payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
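The signature "Abuses OpenXML format to download file from external location" usually comes down to a relationship inside the OOXML zip package whose TargetMode is External, which makes Office fetch the target when the document is opened. The following added example (not the sandbox's signature logic, and not a claim about which part of this particular sample carries the link) unzips a package, parses every .rels file and lists such relationships, treating plain hyperlinks as low risk and anything else that points outside the package (oleObject, attachedTemplate, image and so on) as suspicious. The package it builds and the URL http://example.invalid/payload are constructed for illustration.

```python
"""List external relationships inside an OOXML (xlsx/docx/pptx) package.

Added example for the "Abuses OpenXML format to download file from external
location" signature above. It is not the sandbox's detection code and does not
claim to reproduce this sample's exact mechanism. The package returned by
build_sample_package() is constructed for illustration and the URL
http://example.invalid/payload is hypothetical.
"""
import io
import sys
import zipfile
import xml.etree.ElementTree as ET

PKG_REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
# Hyperlinks are external by design and only resolve on click; any other
# relationship with TargetMode="External" is resolved by Office at open time.
LOW_RISK_TYPES = {OFFICE_REL + "hyperlink"}


def external_relationships(package_bytes: bytes):
    """Return one dict per Relationship element with TargetMode="External"."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            try:
                root = ET.fromstring(zf.read(name))
            except ET.ParseError:
                # A rels part that does not parse is itself worth a look.
                findings.append({"rels": name, "type": None, "target": None,
                                 "suspicious": True, "note": "unparseable rels"})
                continue
            for rel in root.iter(PKG_REL_NS + "Relationship"):
                if rel.get("TargetMode") != "External":
                    continue
                rtype = rel.get("Type", "")
                findings.append({
                    "rels": name,
                    "type": rtype.rsplit("/", 1)[-1],
                    "target": rel.get("Target"),
                    "suspicious": rtype not in LOW_RISK_TYPES,
                })
    return findings


def build_sample_package() -> bytes:
    """Constructed minimal xlsx-like package: one benign hyperlink, one external
    oleObject relationship (the pattern to flag) and one internal drawing."""
    rels_hdr = f'<Relationships xmlns="{PKG_REL_NS[1:-1]}">'
    files = {
        "[Content_Types].xml":
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>',
        "xl/workbook.xml": "<workbook/>",
        "xl/worksheets/_rels/sheet1.xml.rels":
            rels_hdr
            + f'<Relationship Id="rId1" Type="{OFFICE_REL}hyperlink" '
              'Target="https://example.invalid/terms" TargetMode="External"/>'
            + f'<Relationship Id="rId2" Type="{OFFICE_REL}oleObject" '
              'Target="http://example.invalid/payload" TargetMode="External"/>'
            + f'<Relationship Id="rId3" Type="{OFFICE_REL}drawing" '
              'Target="../drawings/drawing1.xml"/>'
            + "</Relationships>",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()


def scan(path=None):
    """Scan a package on disk, or the constructed sample when no path is given."""
    if path:
        with open(path, "rb") as fh:
            data = fh.read()
    else:
        data = build_sample_package()
    return external_relationships(data)


if __name__ == "__main__":
    for f in scan(sys.argv[1] if len(sys.argv) > 1 else None):
        flag = "SUSPICIOUS" if f["suspicious"] else "info"
        print(f"[{flag}] {f['rels']}: {f['type']} -> {f['target']}")
```

Run it as `python scan.py "Order Confirmation deliv 29-07-2022 if settled 50%.xlsx"` on a copy of the sample from an isolated analysis box; an external oleObject or attachedTemplate target is the static counterpart of the behavioural signature, and the URL it reveals belongs next to the config domains as an IOC.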