General
Target: Po2142021.xlsx
Size: 587KB
Sample: 210914-lvvx9saear
MD5: 76ea81747e2e9370b97e4d47ddfbabdd
SHA1: 169fcccd26f30b2bdc6374efe085d5a45812f194
SHA256: 100738b518fd653a4244f947f6793b69896cb4ef75876588c758e1d521c535c1
SHA512: 5b8eb3eb4c6af0cf3035e7a8af940c0b1239058a4448f937d7494eb8107b6b069f4e14692aa25de21a5b2478b9d9ce0e5771c8d3bc2389a1edce428002caf9d5

Static task: static1
Behavioral task: behavioral1 (Sample: Po2142021.xlsx, Resource: win7-en)
Behavioral task: behavioral2 (Sample: Po2142021.xlsx, Resource: win10-en)
Malware Config
Extracted
xloader
2.3
b6a4
http://www.helpmovingandstorage.com/b6a4/
Targets
Target: Po2142021.xlsx
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Xloader Payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext