General
- Target: JEP Sports Player Rating.xlsx
- Size: 366KB
- Sample: 211021-gzc6ssagen
- MD5: 4fb3e59606677f24794e9d10668cebeb
- SHA1: 8f8e1f1c84523cbc96d934c4ba30f910772f4754
- SHA256: 7f1234fef1cd3abb7a451afc69c458b03fd125e1a553b5af679bc79297986be5
- SHA512: 2c5cd7e0747caf6f7e93323da826fd515fdcf2b29f7f3aa01c16818d5a238089b84547b7eced1b20dc868d79d442f9c1f7fb675c992a2b6e004bb8fcf2d9662f
Static task: static1
Behavioral task: behavioral1
Sample: JEP Sports Player Rating.xlsx
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: JEP Sports Player Rating.xlsx
Resource: win10-en-20211014
Malware Config
Extracted
xloader
2.5
sb6n
http://www.best5amazon.com/sb6n/
bogosamba.com
inmobiliariapuertalavilla.com
nopressurewellness.com
hairshopamity.com
epicmoments360.com
tutorgpa.com
fucibou.xyz
135631.com
portraydashcam.com
raqsarabia.com
okantis.net
vongquaykimcuongfreefire.online
prodom.online
5537sbishop.info
lisakenneyinc.com
fivetime.xyz
borzv.com
joungla.com
mas-urbano.com
sjczyw.com
kanesia.com
cursovendasafiliagram.website
lumledstore.com
id-434563.site
tinkerform.com
chainedorchange.com
147149cale.com
windmillbusiness.com
moccocity.com
linkinsense.net
asportrans.com
texasmotorcycletransport.com
unviajeinsospechado.com
rishaande.tech
happylifecompanies.com
thewtot.com
homeyhousy.com
schoolx.space
gr-pcs.com
bedrocksolution.net
investorsbamk.com
rewoodlovro.quest
scratchforce.com
roosteco.com
zacharyparkerporward5.com
itranslate.club
mastessrhalco.com
jytyxyc.xyz
theelegantflamestore.com
grausalvarez.com
riveroakdevelopment.com
intervalagency.com
yugenft.com
6672pk.com
euphoricpucci.com
sedlmayer.gmbh
caricomrealestate.online
herseymagazamda.com
kefirusa.com
royalclnglegacy.com
toptanalcimalzemeleri.com
recbi56ni.com
transformdom.net
writersmight.com
Targets
- Target: JEP Sports Player Rating.xlsx
- Size: 366KB
- MD5: 4fb3e59606677f24794e9d10668cebeb
- SHA1: 8f8e1f1c84523cbc96d934c4ba30f910772f4754
- SHA256: 7f1234fef1cd3abb7a451afc69c458b03fd125e1a553b5af679bc79297986be5
- SHA512: 2c5cd7e0747caf6f7e93323da826fd515fdcf2b29f7f3aa01c16818d5a238089b84547b7eced1b20dc868d79d442f9c1f7fb675c992a2b6e004bb8fcf2d9662f
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext