General
Target: Shipment DOC.xlsx
Size: 201KB
Sample: 211103-ye16kabgfp
MD5: 0932ca4178bdbaa6f66f9229a87fda8d
SHA1: 51edadb95a4b5891e9faa0b5a7dde66270626d15
SHA256: e1bb1bcac492f414b5c80348b6194462bbf3c6fa03f8b8597842f13d6fd6489f
SHA512: 6033e0c19266551e94603a74e6ccc4b4c79e32c74b82d9e0924475592e4a903967dafe5384b9e02c4ea22ca6f894cf5c83e74733ebcd634c577691cc4e074438
Static task: static1
Behavioral task: behavioral1 (Sample: Shipment DOC.xlsx, Resource: win7-en-20210920)
Behavioral task: behavioral2 (Sample: Shipment DOC.xlsx, Resource: win10-en-20211014)
Malware Config
Extracted: xloader 2.5, campaign i3gs, C2 http://www.casacampestreelrocio.com/i3gs/
Targets
Target: Shipment DOC.xlsx
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Xloader Payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext