General
- Target: _Payment Advise.doc
- Size: 337KB
- Sample: 211022-t2hkhscgcr
- MD5: 20fd7e5095e76d04d33d30a75ab371ac
- SHA1: 31549d4f459e52ec34a0cf2c20a1f79dd08a385e
- SHA256: 6c1b4e7a9293f13eeca94e2ce5aa97d358492bd3e9fa76716c119300e6d5da37
- SHA512: 7675b4b2032c35a3140e5d7b2ffc850bb64443eed6342bd434a0eb3be5d2851c913ecd4d839890adc28d54d23161b9a9feed1fb7d948bc8fc0511a98ecee5cf7
Static task
- static1

Behavioral task
- behavioral1
  - Sample: _Payment Advise.doc
  - Resource: win7-en-20210920

Behavioral task
- behavioral2
  - Sample: _Payment Advise.doc
  - Resource: win10-en-20211014
Malware Config
Extracted
- Family: xloader
- Version: 2.5
- Campaign: k8u7
- C2: http://www.ardisadr.online/k8u7/
- Domains:
  - ly3389.com
  - biggergrip.com
  - guitarbadon.net
  - zbjiachuang.com
  - maaratechnology.com
  - perdiemsuites.com
  - israel-grahamcoates.com
  - blackbirdfarmette.com
  - klhobbies.com
  - locdinzone.com
  - bestinvest-4-you.com
  - howtofindbantingbalance.com
  - kairoslabs.online
  - hteaz.com
  - banjjakdesign.com
  - reworkgear.com
  - oklahomaexcavation.com
  - tenloe051.xyz
  - blockchainpress.info
  - panchotrucking.com
  - prosperwithrose.com
  - tutuum.com
  - growingainzfitness.net
  - bra866.com
  - feignco.com
  - suzannesbooks.com
  - druid-club.store
  - begomago.com
  - tuerkscout.com
  - htlyoga.com
  - meloba.com
  - sosomoon.com
  - trendingintown.com
  - guidedwaveradar.com
  - doesaffiliatemarketing.xyz
  - nibykoo5.xyz
  - lv.company
  - theascententerprises.com
  - mywallofnfts.com
  - harpo-solutions.com
  - oliverchilde.top
  - gharkraft.com
  - promo-airdrop.com
  - dualipaminneapolis.com
  - gsjbd25.club
  - usmartdm.com
  - lebonespoir.com
  - 3ebpa4asef.com
  - signalist.xyz
  - 868h.asia
  - dryjancan.com
  - thevwcblog.com
  - mckinneysfinest.com
  - trustedpresident.com
  - sugarmamascandybars.com
  - alfilermarketing.com
  - classicshoes.club
  - the-vintage-image-shop.xyz
  - fyvisuals.com
  - etc-meisai1.tech
  - ecopolymer.group
  - movingtolincolnca.com
  - mbdesign-wordpress.com
  - hpywk.com
Targets
- Target: _Payment Advise.doc
  - Size: 337KB
  - MD5: 20fd7e5095e76d04d33d30a75ab371ac
  - SHA1: 31549d4f459e52ec34a0cf2c20a1f79dd08a385e
  - SHA256: 6c1b4e7a9293f13eeca94e2ce5aa97d358492bd3e9fa76716c119300e6d5da37
  - SHA512: 7675b4b2032c35a3140e5d7b2ffc850bb64443eed6342bd434a0eb3be5d2851c913ecd4d839890adc28d54d23161b9a9feed1fb7d948bc8fc0511a98ecee5cf7
  - suricata: ET MALWARE FormBook CnC Checkin (GET)
  - suricata: ET MALWARE FormBook CnC Checkin (GET)
  - Xloader Payload
  - Blocklisted process makes network request
  - Downloads MZ/PE file
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext