General
-
Target
catalogue_2021_samples_list_revise_ol.xlsm
-
Size
22KB
-
Sample
211104-g928nsdahm
-
MD5
dcc165863b274e869ea3fcad7499b793
-
SHA1
fb38b9c991744087932066e5e6ba9ea5377030cf
-
SHA256
8ceae17c6a9fec00be0b94843b44fd2b19909cc080fcaa3a29a994f98ee6bc3a
-
SHA512
5ee459191858947e3273e05e53404ef76779dce9b8f60ed2d6f0f888543af0585d1e46c3bb0e5296b2cd2c63883b6f51f8a27efff8b695e52ffaca73a1b2c10e
Static task
static1
Behavioral task
behavioral1
Sample
catalogue_2021_samples_list_revise_ol.xlsm
Resource
win7-en-20210920
Malware Config
Extracted
http://84.252.122.23/acs/msn.exe
Extracted
xloader
2.5
pufi
http://www.homestechs.com/pufi/
fusiongroupgames.net
hugevari.com
rebeccagriffiths.com
trocaoferta.com
theslashapp.com
codezonesoftware.xyz
sottocommunications.com
minicreators.online
course2millions.com
hfm5n1dhkjqwpe.xyz
xlab-ub.com
silvanaribeirocake.com
thefabinteriordesign.com
mg-leadership.com
petbort.com
ndust.net
203040302.xyz
jakital.com
shophuunghia.info
rednacionaldejuecesrd.net
mauricioeanderson.com
robinbirrell.top
zarazira.com
rescueandrestoreministries.net
tureformamadrid.com
heesafe.com
mistergoo.com
reklamilanlar018.xyz
dailygossiping.com
theebook.guru
keepkalmm.com
teamlsu.club
kendyraedesigns.com
suddennnnnnnnnnnn13.xyz
panaceapp.com
visionaryking83.com
50003008.com
bikingforbalance.com
nishiki-sougou.com
bricokitchen.com
478739.com
donaldpowers.store
lesspricebd.com
xn--tfr61gf5uuhm.group
mysterypowerbike.com
fractalmerch.xyz
foreverphotos0910.net
hungama-play30.online
negotrad.com
afroonline.net
avalche.com
northfacemall.online
deals4me.store
nadanadif.com
lnstagrarn-security.com
lewismiddleton.com
tefatistmus.quest
adavici.com
madnext.online
astraherb.com
phnurse.com
opinionprofesional.com
gameshill.net
kagakubushitsu.com
Targets
-
-
Target
catalogue_2021_samples_list_revise_ol.xlsm
-
Size
22KB
-
MD5
dcc165863b274e869ea3fcad7499b793
-
SHA1
fb38b9c991744087932066e5e6ba9ea5377030cf
-
SHA256
8ceae17c6a9fec00be0b94843b44fd2b19909cc080fcaa3a29a994f98ee6bc3a
-
SHA512
5ee459191858947e3273e05e53404ef76779dce9b8f60ed2d6f0f888543af0585d1e46c3bb0e5296b2cd2c63883b6f51f8a27efff8b695e52ffaca73a1b2c10e
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-