General

Target: status.xlsx
Size: 1.2MB
Sample: 210727-lfcrc8brm6
MD5: 29f0bda585a8167f6454692a90bc4680
SHA1: caf70f07d7e1f5fbd3cc80976eb3b72a63a883cf
SHA256: f733a7388657968b77ebcf2996451ff762cbdcc6f064e11b9a3671b47c29d17f
SHA512: 936ae0cf1980b360617fd8ab9ab90727dcd1f628fababee16b108836a0cb4182d9d50169f4efb0914ac89d8ecbc9c765695c30221a05905e795658005a1b4f1d
Static task: static1
Behavioral task: behavioral1 (sample: status.xlsx, resource: win7v20210410)
Behavioral task: behavioral2 (sample: status.xlsx, resource: win10v20210410)
Malware Config

Extracted: xloader 2.3
C2 URL: http://www.thafresnelgroup.com/p1nr/
Domains: the 64 entries below come from the same extracted config. XLoader/FormBook lists its C2 path beside a set of decoy domains and contacts a subset of those decoys alongside the real C2 to hide it, so a DNS or HTTP hit on any of them is worth an alert, but the decoys belong to unrelated third parties and should not be attributed to the operator without further evidence.
sooncbd.com
gooddogs.direct
tauding.com
cydip.com
enlistedconnection.com
qa5g.com
makeandmendproductions.com
casethepeer.com
themusicseeds.com
xn--dlicatbikini-beb.com
unlimitedfp.com
homemadebakeries.info
thedealaccessories.com
mpoweru.life
dannalerma.com
toploveconcierge.com
ciaslo02.com
501581.com
mywordsunspoken.com
corrections-coaching-vienne.com
scdtohxvc.icu
aliteksaviationsafety.com
virtualcommerce.network
stgilespantry.com
trianglereviews.com
themontebelloatbiltmore.com
newsongsalways.com
autoglobal-ks.com
zbsun.com
zikao08.com
viruswaarheid.club
apicolaizquierdo.com
expertschain.com
spolm.com
jumboprivady.com
walkonhome.com
abrosnm3.com
caodongmei.com
cultivarholding.com
roq.media
kayanproperties.com
dowcosta4truckee.com
lovelesssaddlery.com
norarahimian.net
sicepatbet.com
utahsafecompany.com
sznaikan.com
lonestarbeverageservices.com
thaenablers.com
junyi81.com
compare-vacation-yg.fyi
omairmaryam.com
aaliyahchhabra.com
yqz8888.net
thobeya.com
tcgsantodomingo.com
valkconstruction.com
puristmoactivepure.com
izzieolsen.com
thewholenew.com
motherlodeliquor.com
urodiran.com
nordiic.com
verogustopromise.com
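The extracted config and the report hashes turned into something a defender can act on: an added example, not code from the sandbox report or from the sample. The C2 URL, the 64 domains and the four digests are copied from the sections above; the DNS log lines, the rule SIDs and the hostnames used in the usage section are constructed, and the "www." stripping, subdomain matching and the exact Suricata rule wording are my own choices rather than anything the report states.

```python
"""Detection artifacts from the XLoader 2.3 config above (added example).

Not code from the sandbox report. The C2 URL, domain list and report hashes are
copied from the report; log lines, rule SIDs and test hostnames are constructed.
"""
import hashlib
from urllib.parse import urlparse

C2_URL = "http://www.thafresnelgroup.com/p1nr/"
C2_PATH = urlparse(C2_URL).path  # "/p1nr/"

# The 64 domains from the extracted config (decoys plus whatever the operator
# actually uses; alert on all, attribute none without more evidence).
CONFIG_DOMAINS = """
sooncbd.com gooddogs.direct tauding.com cydip.com enlistedconnection.com
qa5g.com makeandmendproductions.com casethepeer.com themusicseeds.com
xn--dlicatbikini-beb.com unlimitedfp.com homemadebakeries.info
thedealaccessories.com mpoweru.life dannalerma.com toploveconcierge.com
ciaslo02.com 501581.com mywordsunspoken.com corrections-coaching-vienne.com
scdtohxvc.icu aliteksaviationsafety.com virtualcommerce.network
stgilespantry.com trianglereviews.com themontebelloatbiltmore.com
newsongsalways.com autoglobal-ks.com zbsun.com zikao08.com viruswaarheid.club
apicolaizquierdo.com expertschain.com spolm.com jumboprivady.com walkonhome.com
abrosnm3.com caodongmei.com cultivarholding.com roq.media kayanproperties.com
dowcosta4truckee.com lovelesssaddlery.com norarahimian.net sicepatbet.com
utahsafecompany.com sznaikan.com lonestarbeverageservices.com thaenablers.com
junyi81.com compare-vacation-yg.fyi omairmaryam.com aaliyahchhabra.com
yqz8888.net thobeya.com tcgsantodomingo.com valkconstruction.com
puristmoactivepure.com izzieolsen.com thewholenew.com motherlodeliquor.com
urodiran.com nordiic.com verogustopromise.com
""".split()

# Digests of status.xlsx as given in the report.
REPORT_HASHES = {
    "md5": "29f0bda585a8167f6454692a90bc4680",
    "sha1": "caf70f07d7e1f5fbd3cc80976eb3b72a63a883cf",
    "sha256": "f733a7388657968b77ebcf2996451ff762cbdcc6f064e11b9a3671b47c29d17f",
    "sha512": "936ae0cf1980b360617fd8ab9ab90727dcd1f628fababee16b108836a0cb4182d"
              "9d50169f4efb0914ac89d8ecbc9c765695c30221a05905e795658005a1b4f1d",
}


def normalize(host):
    """Lower-case, drop a trailing dot and a leading 'www.' so log hosts compare cleanly."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def watchlist():
    """The C2 host plus every config domain, normalized (65 distinct entries)."""
    return {normalize(urlparse(C2_URL).hostname)} | {normalize(d) for d in CONFIG_DOMAINS}


def is_ioc_host(host):
    """True for an exact match or any subdomain of a watchlisted domain."""
    h = normalize(host)
    return any(h == d or h.endswith("." + d) for d in watchlist())


def suricata_dns_rules(start_sid=9000001):
    """One Suricata 5+ dns.query rule per watchlisted domain. SIDs are placeholders."""
    rules = []
    for i, d in enumerate(sorted(watchlist())):
        rules.append(
            'alert dns $HOME_NET any -> any any (msg:"XLoader config domain lookup %s"; '
            'dns.query; content:"%s"; nocase; endswith; sid:%d; rev:1;)'
            % (d, d, start_sid + i)
        )
    return rules


def scan_dns_log(lines):
    """Hits as (timestamp, client, qname) from constructed 'ts client qname' log lines."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line, skip rather than crash
        ts, client, qname = parts[0], parts[1], parts[2]
        if is_ioc_host(qname):
            hits.append((ts, client, normalize(qname)))
    return hits


def is_c2_checkin(url, method="GET"):
    """A GET to the config path on a watchlisted host: the shape of the check-in the
    'FormBook CnC Checkin (GET)' Suricata alert in the report is about."""
    u = urlparse(url)
    return (method.upper() == "GET" and u.hostname is not None
            and is_ioc_host(u.hostname) and u.path == C2_PATH)


def matches_report_hashes(data):
    """Per-algorithm comparison of a file's digests with the report; all True means same sample."""
    return {name: hashlib.new(name, data).hexdigest() == value
            for name, value in REPORT_HASHES.items()}


if __name__ == "__main__":
    sample_log = [  # constructed, not from the sandbox run
        "2021-07-27T10:14:02Z 10.0.0.5 www.sooncbd.com",
        "2021-07-27T10:14:03Z 10.0.0.5 login.microsoftonline.com",
        "2021-07-27T10:14:05Z 10.0.0.5 www.thafresnelgroup.com.",
    ]
    for hit in scan_dns_log(sample_log):
        print("DNS IOC hit:", hit)
    print("\n".join(suricata_dns_rules()[:3]))
```

Subdomain matching is deliberate: the config lists apex domains while the sample's check-in uses a www. host, and operators rotate subdomains. The hash check is the first thing to run on a file you think is this sample; all four digests must match before the rest of the report applies to it.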
Targets

Target: status.xlsx
Size: 1.2MB
Hashes: MD5, SHA1, SHA256 and SHA512 as listed under General

Signatures:
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- CustAttr .NET packer: detects the CustAttr .NET packer in memory.
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext (rewriting another thread's context is the classic process hollowing / injection step, consistent with the Xloader payload being found in memory)