General
-
Target
9aaf287388698afd5ef8bfeb1fb8ee24
-
Size
23KB
-
Sample
211021-lyxk9sahgr
-
MD5
9aaf287388698afd5ef8bfeb1fb8ee24
-
SHA1
97c0f28698ddc4e9b512a37f0230de3846922649
-
SHA256
c01942eeca190f7672db0e7e3322a21b52c66f669b41f1dd0ef852c8dd003cb3
-
SHA512
e634eea49486d6cc8a0f3227b674184eff9ba57afa1a26f708687ef92f21d4ac979be19fad65c4430f4fb31e9746b286cad83ed3c1f668823bc66667e6c8dfe3
Static task
static1
Behavioral task
behavioral1
Sample
9aaf287388698afd5ef8bfeb1fb8ee24.rtf
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
9aaf287388698afd5ef8bfeb1fb8ee24.rtf
Resource
win10-en-20210920
Malware Config
Extracted
xloader
2.5
mxnu
http://www.naplesconciergerealty.com/mxnu/
insightmyhome.com
gabriellamaxey.com
029atk.xyz
marshconstructions.com
technichoffghosts.com
blue-ivy-boutique-au.com
1sunsetgroup.com
elfkuhnispb.store
caoliudh.club
verifiedpaypal.net
jellyice-tr.com
gatescres.com
bloomberq.online
crystaltopagent.net
uggs-line.com
ecommerceplatform.xyz
historyofcambridge.com
sattaking-gaziabad.xyz
digisor.com
beachpawsmobilegrooming.com
whitebot.xyz
zacky6.online
qlfa8gzk8f.com
scottjasonfowler.com
influxair.com
desongli.com
xn--w7uy63f0ne2sj.com
pinup722bk.com
haohuatour.com
dharmathinkural.com
hanjyu.com
tbrhc.com
clarityflux.com
meltonandcompany.com
revgeek.com
onehigh.club
closetu.com
yama-nkok.com
brandonhistoryandinfo.com
funkidsroomdecor.com
epilasyonmerkeziankara.com
265411.com
watch12.online
dealsbonaza.com
gold2guide.art
tomclark.online
877961.com
washingtonboatrentals.com
promovart.com
megapollice.online
taquerialoteria.com
foxsontreeservice.com
safebookkeeping.com
theeducationwheel.online
sasanos.com
procurovariedades.com
normandia.pro
ingdalynnia.xyz
campusguideconsulting.com
ashramseries.com
clubcupids.art
mortgagerates.solutions
deepscanlabs.com
insulated-box.com
Targets
-
-
Target
9aaf287388698afd5ef8bfeb1fb8ee24
-
Size
23KB
-
MD5
9aaf287388698afd5ef8bfeb1fb8ee24
-
SHA1
97c0f28698ddc4e9b512a37f0230de3846922649
-
SHA256
c01942eeca190f7672db0e7e3322a21b52c66f669b41f1dd0ef852c8dd003cb3
-
SHA512
e634eea49486d6cc8a0f3227b674184eff9ba57afa1a26f708687ef92f21d4ac979be19fad65c4430f4fb31e9746b286cad83ed3c1f668823bc66667e6c8dfe3
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-