General
Target: scanjet 025001921.docx
Size: 10KB
Sample: 211025-chvbjagdel
MD5: 58c99415952066ce2de643366e6690b8
SHA1: ddc5fc30f556e6d597a0db1a06f9b514528b38fc
SHA256: 4c882c0d1ea5a377d8f3f46e429205ac1842276fcb7c2ceb5f3f466292acee3b
SHA512: df37b491a9d7bb934ec68bd4675773748e702e7ec1f3422e0f1ab7f86af8d5f5143455f9320b25961a7377aa28a4a7d35d0765cda5d659e94963a2d7a1974b11
Static task: static1
Behavioral task: behavioral1
Sample: scanjet 025001921.docx
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: scanjet 025001921.docx
Resource: win10-en-20211014
Malware Config
Extracted
http://104.168.32.55/..-.-.-.-...-------------------wii...................wiz........wii.wiz......wii.......wiz/...-------.-.-.-.-.-.....................wii.wiz......wiz............wi.wiz...........wiz
Extracted
xloader
2.5
fpdi
http://www.walletwriter.space/fpdi/
Targets
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Xloader Payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Abuses OpenXML format to download file from external location
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext