General
Target: PO 446593.xlsx
Size: 595KB
Sample: 210831-begqglsjee
MD5: 1014d65c46ff68235ce581fd93f9336d
SHA1: 9ee84e43d1820c322de569124e60ee585ba9604c
SHA256: 7df06bd9c7d806c3a7b1bddc2b78c6052070b3445cad6d2f9d3f0a21b844075c
SHA512: 72b5023e3151018cd8fa1a7081ccc55e23e84809d9c116c45077efe12d0e8aef7cfe0af6ed7280556a99d83e6247c3948e636f13509cc4fd4f3396e8d0403484
Static task: static1
Behavioral task: behavioral1
Sample: PO 446593.xlsx
Resource: win7v20210408
Behavioral task: behavioral2
Sample: PO 446593.xlsx
Resource: win10v20210410
Malware Config
Extracted
xloader
2.3
utrf
http://www.tijprintersolution.com/utrf/
serveyournation.com
angelaepedro2021.com
spyrodinero.com
voltaicmassage.com
companystsore.com
eulicense.com
politicianwatchlist.com
gol-investissement.com
novasolutions.website
fouralarmtechnology.com
nightloop.online
saycarrot.com
rdemnry.icu
silverspoonfrenchies.com
safetyswimwear.online
dabanse.com
oldhamvw.com
tvactivations.online
ntra120.com
gallagherandburton.com
zengheqiye.com
plannyo.com
icardgold.com
unitbasefilmrentals.com
webmailall-inkl.info
centralcoastbagels.com
poptop.ink
thetrapanigroup.com
amazonhaloband.info
yilmazsoft.com
meetiquell.com
bombshellbycj.com
konchokdolma.com
znhmyazg4dfnc.net
hauntway.com
heb-jiuxin.com
topcloudeast.com
zerosave.com
renovation-toiture-var.com
lakegreenwoodfishingguide.com
villavicencioenterprise.com
prazer-extremo.com
avedonalchemy.gallery
africaoutings.com
naturemistinternational.com
merchwatcher.com
tecnoloogeek.com
beerstars.club
theharvestonseniorliving.com
hoichoishops.com
prefabhomepackages.com
365webinaars.com
yildizyapiteknik.com
premiercateringint.com
alissapagelsminor.com
slayypoint.online
astoriahotelbarcelona.com
schwarze-flotte.com
thenearshoppe.com
godspeedcheckout.com
sunnyviewproperties.com
masterpiecefoods.com
dejendesta.com
onlinefacials.com
Targets
Target: PO 446593.xlsx
Size: 595KB
MD5: 1014d65c46ff68235ce581fd93f9336d
SHA1: 9ee84e43d1820c322de569124e60ee585ba9604c
SHA256: 7df06bd9c7d806c3a7b1bddc2b78c6052070b3445cad6d2f9d3f0a21b844075c
SHA512: 72b5023e3151018cd8fa1a7081ccc55e23e84809d9c116c45077efe12d0e8aef7cfe0af6ed7280556a99d83e6247c3948e636f13509cc4fd4f3396e8d0403484
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Xloader Payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext