General
Target: FX-Transfer-Form.xlsx
Size: 1.5MB
Sample: 210806-fwsmrzbq1a
MD5: 31b142cebbf97b880ead6a2dc3f415e2
SHA1: b8b33c7492e0c6a25b2677f1126663d06a91fc2c
SHA256: 4411b4a05f3bc654dc86eba66de02e9a20751357b57a411468eee55cf3c879ec
SHA512: 0d4863b7184165fffa02a6bf10a5c157ed8246774cc5da7d9013d8bf448df123abaedbdf2260913b64ca52804190472fbabc483ccffc1b3cc485010d7234e325
Static task: static1
Behavioral task: behavioral1 (Sample: FX-Transfer-Form.xlsx, Resource: win7v20210408)
Behavioral task: behavioral2 (Sample: FX-Transfer-Form.xlsx, Resource: win10v20210410)
Malware Config
Extracted
xloader
2.3
6mam
http://www.mobiessence.com/6mam/
Targets
Target: FX-Transfer-Form.xlsx
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Xloader Payload
- Adds policy Run key to start application
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext