General
- Target: 115-209.doc
- Size: 877KB
- Sample: 211008-nl61aaebam
- MD5: 33ba18af523e6abde86bdd1adf3bf452
- SHA1: a191108684d44472e1a059d3c9ae34913559874e
- SHA256: 5f4b71e4968e877ecb5b41ce6f780b915cb2666cafc6e5c61434e8cb07600136
- SHA512: 291de77dbddd91786c30ac716fe9b0fed43bc89cd1c652b53d17515324cdf5dd88b8c638e01d79153160efd88399dea45498c4b2b225ddb7019d66437dc2f3af
Static task
- static1
Behavioral task
- behavioral1: sample 115-209.doc, resource win7-en-20210920
Behavioral task
- behavioral2: sample 115-209.doc, resource win10v20210408
Malware Config
Extracted
- Family: xloader
- Version: 2.5
- Campaign: noha
- C2: http://www.mglracing.com/noha/
Targets
- Target: 115-209.doc
- Size: 877KB
- suricata: ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext