General
-
Target
IMS211323.docx
-
Size
10KB
-
Sample
211029-xvmsfaafcp
-
MD5
58edad2a0b7bd0c5048bd95c93272f93
-
SHA1
4fb040d2d994c9cdf2d8e473af6b77c199165f1c
-
SHA256
9e5c300f78e216ccf813deabde818bc1279627e4a605258e657a4049af94c575
-
SHA512
08e0229b0f3c38efe4501fe404174b90b5c50f6423e016ceb4187843f6c10cca2071b91f1119bdbeba68a5b1009ef3cfb800eb0d3014dde35a100d6576987cd3
Static task
static1
Behavioral task
behavioral1
Sample
IMS211323.docx
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
IMS211323.docx
Resource
win10-en-20210920
Malware Config
Extracted
https://sezde.com/fU5mP
Extracted
xloader
2.5
euzn
http://www.heser.net/euzn/
235296tyc.com
gold12guide.art
baibuaherb.com
weberwines.tax
chezvitoria.com
aidenb.tech
pitchdeckservice.com
surgeryforfdf.xyz
workunvaccinated.com
hrtaro.com
yourotcs.com
sonimultispecialityclinic.com
consultantadvisors.com
pentesting-consulting.com
dantechs.digital
longshifa.online
taweilai.net
imyusuke.com
cashndashfinancial.com
fasiglimt.quest
jakital.com
graywolfdesign.com
pepeavatar.com
predixlogisticscourier.com
football-transfer-news.pro
herbalmedication.xyz
esd66.com
janesgalant.quest
abcrefreshments.com
chaoxy.com
rediscoveringyouhealing.com
mcrjadr5.xyz
n4sins.com
faithful-presence.com
013yu.xyz
isystemslanka.com
newbeautydk.com
ethiopia-info.com
hgaffiliates.net
anodynemedicalmassage.com
esohgroup.com
clinicamonicabarros.com
rafathecook.com
londonescort.xyz
dreamites.com
webtiyan.com
cnnautorepair.com
soposhshop.com
aarohaninsight2021.com
arceprojects.com
mecasso.store
mirai-energy.com
barwg.com
angeescollections-shop.com
xinlishiqiaoqiao.xyz
linuxsauce.net
dirbn.com
anandiaper.xyz
blackpanther.online
livinwoodbridgefarms.com
diepraxiskommunikation.com
radiosaptshahid.com
gofieldtest.com
minxtales.com
Targets
-
-
Target
IMS211323.docx
-
Size
10KB
-
MD5
58edad2a0b7bd0c5048bd95c93272f93
-
SHA1
4fb040d2d994c9cdf2d8e473af6b77c199165f1c
-
SHA256
9e5c300f78e216ccf813deabde818bc1279627e4a605258e657a4049af94c575
-
SHA512
08e0229b0f3c38efe4501fe404174b90b5c50f6423e016ceb4187843f6c10cca2071b91f1119bdbeba68a5b1009ef3cfb800eb0d3014dde35a100d6576987cd3
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Abuses OpenXML format to download file from external location
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-