General
Target: GLC-2021-E025(1).xlsx
Size: 1.2MB
Sample: 210727-l3mxarvy8e
MD5: 0b88672aa208666b2a856b6637517d45
SHA1: 6a255c999480b1dc260944d0aa10eebc11cdd994
SHA256: 8e2417d7d83848d639c70725fc66a8d81f46bbbf936b1442fd649ff4f2885c54
SHA512: 879607423bcb6d80837b34268d1e798f2d9f4394aa4c576954f8a05776b46faab8f7b657a7feaeea2b9ab8e34d41c78bbd9f208572dc20646c0ae9a6192d7e93
Static task: static1
Behavioral task: behavioral1
  Sample: GLC-2021-E025(1).xlsx
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: GLC-2021-E025(1).xlsx
  Resource: win10v20210410
Malware Config
Extracted: xloader 2.3
URL: http://www.allodrh.com/qmf6/
Targets
Target: GLC-2021-E025(1).xlsx
Size: 1.2MB
Signatures
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext