General
-
Target
0014.xlsx
-
Size
392KB
-
Sample
211029-jyvqkahfcp
-
MD5
4a4935f0b21078ed884aba51e0180900
-
SHA1
848e0796cea2c931bc39d92e0c763175a87b4a87
-
SHA256
fc9dd028870ac7c508f0b40d747c8a5ab65a9af1da88a8f931488bee2119b505
-
SHA512
aa294d61097d0253a85ec0c387821939e6fd694b6c098bee47f05122d91925a0825b7772ab6439e81dbc646c3af79b088b76b53d65d51a26a5b115159021ee34
Malware Config
Extracted
xloader
2.5
ht08
http://www.septemberstockevent200.com/ht08/
joye.club
istanbulemlakgalerisi.online
annikadaniel.love
oooci.com
curebase-test.com
swisstradecenter.com
hacticum.com
centercodebase.com
recbi56ni.com
mmj0115.xyz
sharpstead.com
sprklbeauty.com
progettogenesi.cloud
dolinum.com
amaroqadvisors.com
traininig.com
leewaysvcs.com
nashhomesearch.com
joy1263.com
serkanyamac.com
Targets
-
-
Target
0014.xlsx
-
Size
392KB
-
MD5
4a4935f0b21078ed884aba51e0180900
-
SHA1
848e0796cea2c931bc39d92e0c763175a87b4a87
-
SHA256
fc9dd028870ac7c508f0b40d747c8a5ab65a9af1da88a8f931488bee2119b505
-
SHA512
aa294d61097d0253a85ec0c387821939e6fd694b6c098bee47f05122d91925a0825b7772ab6439e81dbc646c3af79b088b76b53d65d51a26a5b115159021ee34
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-