General
Target: SALES CONTRACT 914 VIPA ORDER 213581.xlsx
Size: 587KB
Sample: 210921-jwjkhsbdfr
MD5: 57d15b392c41d1fef88631aa16d1717f
SHA1: 19edf447fb1f102d85f22df4bdc13f8b5a3504bc
SHA256: 16b2ff1b7878c49d974b08f7a91669a472c4bfacbfbf486209c6cefe2c117302
SHA512: 6eba268985edf22d1cd0f6e9f905fc6b1896009fed103b221b100447a6c8d85c8d5316f22a333be61594361bf71c3b411ae30f588e933bb73cc32f745519147d
Static task: static1
Behavioral task: behavioral1
  Sample: SALES CONTRACT 914 VIPA ORDER 213581.xlsx
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: SALES CONTRACT 914 VIPA ORDER 213581.xlsx
  Resource: win10-en-20210920
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: 9gdg
C2 URL: http://www.dechocolate.online/9gdg/
Targets
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext