General
-
Target
MV DINA QUEEN.xlsx
-
Size
362KB
-
Sample
210924-kl4clsgdbp
-
MD5
fbfc394ab56cdb94824a714d6df7bd85
-
SHA1
1d83fbbee591cfba2e0a87f62b7678f93d2ae688
-
SHA256
48d0ccf6fdb10d9f0d93f8f29bea21d517a7ab2c849c1dd3cb42e025ddf1b555
-
SHA512
012c1471b6dac6796999d85b99b365d5e267f9d87a81dadf836b65cf83471edc8deeba446f0770d870ff8c975a9cfdec692b3f9a33bcec19e28e79f15be78dd5
Static task
static1
Behavioral task
behavioral1
Sample
MV DINA QUEEN.xlsx
Resource
win7v20210408
Behavioral task
behavioral2
Sample
MV DINA QUEEN.xlsx
Resource
win10-en-20210920
Malware Config
Extracted
xloader
2.5
arup
http://www.sapphiretype.com/arup/
Targets
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-