General
-
Target
PO-A5671.xlsx
-
Size
587KB
-
Sample
210913-v9ez2ahcdl
-
MD5
5e3cfa8a71fbefaeedfc0d3dbe9f7c51
-
SHA1
34bf9b8b6c46cfe5ef624cbded56f2d59e1e59d3
-
SHA256
6b8fb4d4e872cf97e4e4943a9eee6a6d8175f518c039fdc066caae45b21fc5a8
-
SHA512
9cd7e84b15743bba2b420b17fdc92b7c9b79fb4ad87ab089313662a640ae080154d351522b82adb4e8d624e48d31594d2c51193ccb5b5ab3368956791bba07f5
Static task
static1
Behavioral task
behavioral1
Sample
PO-A5671.xlsx
Resource
win7v20210408
Behavioral task
behavioral2
Sample
PO-A5671.xlsx
Resource
win10-en
Malware Config
Extracted
xloader
2.3
ecuu
http://www.polaritelibrairie.com/ecuu/
buoy8boats.com
tomrings.com
o-distribs.com
majesticgroupinc.com
tehridam.com
yzwjtoys.com
castro-online.run
aquarius-twins.com
jamesrrossfineart.com
pavarasupatthonkol.com
rivermarketdentistry.com
gyiblrjd.icu
redcountrypodcast.com
youngbrotherspharmacyga.com
betsysobiech.com
neocleanpro.com
ingpatrimoine.com
mustangsallytransportation.com
jsvfcxzn.com
krsfpjuoekcd.info
cricutcutfiles.club
fjucurta.com
soberrituals.com
mercamoderna.com
empirerack.com
poorwhitetrashlivesmatter.net
the-boardroom-usa.com
boldgroupghana.com
stathotshots.com
workabhaile.com
drgigadvisors.com
tfqvslhlh.club
meo6.com
myreti.com
tasteofourneighborhood.com
manufacturedinjapan.com
listenstech.com
jdcloud-neucampus.com
westgateoptometry.store
sourcefirstconsulting.com
xmasmobitvbuy.com
blackhillsfarmtn.com
georgiaforless.com
enovexcorp.com
nxtelligence.com
emotionalgangster.com
chainsawsparts.com
dplqyz.com
lossaboresdemama.com
805thaifood.com
safeandsoundyachtservices.com
grandparentsandkids.com
catalystdentalallies.com
keplersark.com
desrefuses.com
comerciolimited.com
cotonslife.com
pegasusf.xyz
rocketmortgagedeceit.com
mypartydelivered.com
gvassummit2020.com
thefamilybubble.com
lgjccz.com
donnaquerns.com
Targets
-
-
Target
PO-A5671.xlsx
-
Size
587KB
-
MD5
5e3cfa8a71fbefaeedfc0d3dbe9f7c51
-
SHA1
34bf9b8b6c46cfe5ef624cbded56f2d59e1e59d3
-
SHA256
6b8fb4d4e872cf97e4e4943a9eee6a6d8175f518c039fdc066caae45b21fc5a8
-
SHA512
9cd7e84b15743bba2b420b17fdc92b7c9b79fb4ad87ab089313662a640ae080154d351522b82adb4e8d624e48d31594d2c51193ccb5b5ab3368956791bba07f5
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Xloader Payload
-
Adds policy Run key to start application
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-