General
-
Target
Enquiry docs.zip
-
Size
246KB
-
Sample
211026-b1w3eahfck
-
MD5
50fd6589fce8b273570e1130dded5761
-
SHA1
f4f5209ad44ae7ca5a216ee08e2d82eb5d5e9f82
-
SHA256
c6fd5cd65ad33c112f367478404014e7e20c487e1ee57a460ad568a352b91f40
-
SHA512
cd1598eb7427c2c9a76a386ce5f77b683bc204191cd07b84683e0fd723e92f314e86ec50f13cfabd27d3507871149e0a3540d1319248282156ecef328a980d7c
Static task
static1
Behavioral task
behavioral1
Sample
Enquiry docs.exe
Resource
win7-en-20210920
Malware Config
Extracted
xloader
2.5
ga6b
http://www.egyptian-museum.com/ga6b/
diasporacospices.com
sd-shenghe.com
onlinewritingjobs.net
greenstreamgroup.store
garageair.agency
idh-bf.com
middenhavendambreskens.com
szkoleniawcag.online
wiremefeelings.com
ottosperformance.com
brothermush.com
weiserpath.com
baohiemtv24h.com
glassgalaxynft.com
spiritualmind.space
18130072012.com
3v0.space
smartgadgetscompare.com
corvusexpeditii.xyz
egcontabilidade.website
find0utnowfy.info
soulwinningministry.com
digitaldreamcloud.net
service-portal-kundendaten.com
theselectdifference.com
burodev.com
mustafacesuryildiz.com
grupodeinvestigacion.com
toyotadisurabaya.com
partnerbenifits.com
belledescontos.com
nobodybutgod.com
bumiths.com
acacave.com
septoctets.xyz
www73w.xyz
afghantattoos.com
interiorsbe.com
ara7z.com
qqcx666888.top
onra.top
sunfucker.net
suhuabo.com
tangerineinit.com
era636.com
lovenft.xyz
maviesurdvd.com
gullatz-consulting.com
duopasteleras.com
mystudentregistration.com
5559913.win
gritzcharlestonluxuryinn.store
themexicanbg.com
senshop.store
woodentoysforkids.store
globalgamelan.com
anjumanmuhibaneabbas.com
seattleinsurancebrokers.com
naiduteja049.info
traction.legal
twisteid.com
necesryaou.com
apan-group.com
infinityrope.store
Targets
-
-
Target
Enquiry docs.exe
-
Size
259KB
-
MD5
57e634d27ebeb3eb96a21efb56654952
-
SHA1
3a73a99013039be2615cbefd0cba1e4f5d10ea45
-
SHA256
d0df1d753742cd9d3144c77f0b343aac22fdab2a2d32bd41872dd838e2eb8a34
-
SHA512
20626c979cee7d4780d95c020e7ee92719595d56f6e5bcdd40a7f746c89f8961c1441c2e8867110478a093bfde4c2085f27b42baf0296274d8f049c2e28de844
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-