General
-
Target
Romai Sports LLC Presentation 1.xlsx
-
Size
369KB
-
Sample
211021-wlbhdabebk
-
MD5
f7f005fadf80e48c5deda7686b478da1
-
SHA1
67f72bcc1f885d3e6ca81b2297ec1fd9c5924fb9
-
SHA256
4015c5ebb42790e7499366372aa4dbaac51dfc6ab790f7687b10311a08ce1f57
-
SHA512
cbddcf8cca06d3079dcc82994b33d0f6fe08a6257862ca360226561d1013af06e290fb239f2f29e4d60eaabc57b6d3bc963b948f61b1567a76001be27b42eb7a
Static task
static1
Behavioral task
behavioral1
Sample
Romai Sports LLC Presentation 1.xlsx
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
Romai Sports LLC Presentation 1.xlsx
Resource
win10-en-20210920
Malware Config
Extracted
xloader
2.5
sb6n
http://www.best5amazon.com/sb6n/
bogosamba.com
inmobiliariapuertalavilla.com
nopressurewellness.com
hairshopamity.com
epicmoments360.com
tutorgpa.com
fucibou.xyz
135631.com
portraydashcam.com
raqsarabia.com
okantis.net
vongquaykimcuongfreefire.online
prodom.online
5537sbishop.info
lisakenneyinc.com
fivetime.xyz
borzv.com
joungla.com
mas-urbano.com
sjczyw.com
kanesia.com
cursovendasafiliagram.website
lumledstore.com
id-434563.site
tinkerform.com
chainedorchange.com
147149cale.com
windmillbusiness.com
moccocity.com
linkinsense.net
asportrans.com
texasmotorcycletransport.com
unviajeinsospechado.com
rishaande.tech
happylifecompanies.com
thewtot.com
homeyhousy.com
schoolx.space
gr-pcs.com
bedrocksolution.net
investorsbamk.com
rewoodlovro.quest
scratchforce.com
roosteco.com
zacharyparkerporward5.com
itranslate.club
mastessrhalco.com
jytyxyc.xyz
theelegantflamestore.com
grausalvarez.com
riveroakdevelopment.com
intervalagency.com
yugenft.com
6672pk.com
euphoricpucci.com
sedlmayer.gmbh
caricomrealestate.online
herseymagazamda.com
kefirusa.com
royalclnglegacy.com
toptanalcimalzemeleri.com
recbi56ni.com
transformdom.net
writersmight.com
Targets
-
-
Target
Romai Sports LLC Presentation 1.xlsx
-
Size
369KB
-
MD5
f7f005fadf80e48c5deda7686b478da1
-
SHA1
67f72bcc1f885d3e6ca81b2297ec1fd9c5924fb9
-
SHA256
4015c5ebb42790e7499366372aa4dbaac51dfc6ab790f7687b10311a08ce1f57
-
SHA512
cbddcf8cca06d3079dcc82994b33d0f6fe08a6257862ca360226561d1013af06e290fb239f2f29e4d60eaabc57b6d3bc963b948f61b1567a76001be27b42eb7a
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-