General
Target: KVD 25180299.xlsx
Size: 488KB
Sample: 211028-sqr45sgegm
MD5: 3ea4d7fa257736ee5499186011e4de92
SHA1: 7c3796317e67bd5c361123e1ab88fb0a7802ede9
SHA256: 27b4c7536a4044b0f7a08db959059c15883e080c56f81bf2c985c377cb3ebbad
SHA512: b1adcc108f65b618ada3774998c6115548bd7c8ef362306ff8b549f313e47d5294803863f1f5351dd4b01414cf86a948b3075e6b0da80860f3bbd70e898b1f3c
Static task: static1
Behavioral task: behavioral1
  Sample: KVD 25180299.xlsx
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: KVD 25180299.xlsx
  Resource: win10-en-20211014
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: dnz9
C2: http://www.chunhejingming.com/dnz9/
Decoy domains:
rafiqueandbrothers.com
goldenpeacock.asia
youngliving1.com
rtxoffers.xyz
southernrustllc.com
becomemoreamerican.com
chrapania.com
babedad.com
dttrransportjunkremoval.com
contemporarytaste.net
windfly.online
eatnewlyone.xyz
funeralarorg.com
candlecandlesshop.com
emexcaraccessories.com
nutmegmassage.com
053152277.xyz
blissnewsletter.com
cyys23.com
dayral-review.com
bricnbroc.fr
gratishoortoestel.info
notablybravo.net
ktnrape.xyz
moussevision.com
limitlessbettings.com
redilegal.com
wafflebank.com
virginiapaddlers.com
bra866.com
xuelingjun.com
beestrongcbd.com
distinctivemotoring.com
criticalnet.net
desideals.today
foxxloop.com
ioumal.com
bestofwestpalmbeach.info
kuechenmann.com
averysanswers.com
adellbiofoods.com
a10pm.com
boatloadoflemonade.com
marialuisaantonelli.com
sypcontadores.com
francesca-daniel.com
nobis.care
cryptohelpassists.xyz
mvesga.com
solgoewaste.com
mammalians.com
benchmarklandscapingfl.com
crown-crossline.space
comicmonk.com
helpfromjames.com
com103940689794.icu
lifeofchickens.com
thehuntnewsletter.com
tipplesmith.net
sandman.network
rancrontrading.com
thewitchandcauldron.com
onwardtransportation.com
tweeddixie.com
Targets
Target: KVD 25180299.xlsx
Signatures
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext