General
- Target: DOC.LZH
- Size: 410KB
- Sample: 210904-tb73gshebm
- MD5: 244b7cc8418346d75cca9b4d169a5fba
- SHA1: d85a351aea4eeb8d770220277e2ce3b1b980b486
- SHA256: 84ab5a7f638456782fd8cf6bbbb4e9a2f800abafeea42a075516d8f597fa26ce
- SHA512: 7068fe3ed782b7af54c7732cabd1019b3ccba99ae64a55474df1706892836d7aad333290a6bca4ada9c19bc7806197faf0aae1f085cf8154863719eb0eff9468
Static task: static1
Behavioral task: behavioral1
- Sample: DOC.exe
- Resource: win7v20210408
Malware Config (extracted)
- Family: xloader
- Version: 2.3
- Campaign: n58i
- C2: http://www.mack3sleeve.com/n58i/
Targets
- Target: DOC.exe
- Size: 688KB
- MD5: 5045cebda11fea245cfa92e2cc406119
- SHA1: 69512164421d2b9f911f66837cda9f1e18dd86c9
- SHA256: 1575d06ca2a52c1ff60058d6fba43712c2926ecd3f640710ed8f96ec3aaf57da
- SHA512: c7febf7bd68c01f0471e2359d5db921745b096d441e35aa5384d98de7dc1a50549aaac70714fd9ab91c40e45b824425a2ff1b31f171b1d88de52d7849f5fc50c
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Blocklisted process makes network request
- Suspicious use of SetThreadContext