General
-
Target
100197.doc
-
Size
190KB
-
Sample
211110-jdj4bsdfhp
-
MD5
a51beb4cee3604bc8ab1c7c9f5e7d5c1
-
SHA1
22d24e750b96783e24da802dcac3e4367d83befa
-
SHA256
59de39d60fee5b2a853c4e4bd62ce6ea5054373938b8afbb159d60102f88e989
-
SHA512
c406ee9bfb3425caf97e26626dbba30aa7a305be0f1732f2a7b4225e877468a0b12aa531d0c495bb3aac6f192966e92daa419ec01ec94e5f5ef50a8f851fc543
Static task
static1
Behavioral task
behavioral1
Sample
100197.doc
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
100197.doc
Resource
win10-en-20211104
Malware Config
Extracted
xloader
2.5
unzn
http://www.davanamays.com/unzn/
xiulf.com
highcountrymortar.com
523561.com
marketingagency.tools
ganmovie.net
nationaalcontactpunt.com
sirrbter.com
begizas.xyz
missimi-fashion.com
munixc.info
daas.support
spaceworbc.com
faithtruthresolve.com
gymkub.com
thegrayverse.xyz
artisanmakefurniture.com
029tryy.com
ijuubx.biz
iphone13promax.club
techuniversus.com
samrgov.xyz
grownupcurl.com
sj0755.net
beekeeperkit.com
richessesabondantes.com
xclgjgjh.net
webworkscork.com
vedepviet365.com
bretabeameven.com
cdzsmhw.com
clearperspective.biz
tigrg5g784sh.biz
bbezan011.xyz
mycar.store
mansooralobeidli.com
ascensionmemberszoom.com
unlimitedrehab.com
wozka.top
askylarkgoods.com
rj793.com
prosvalor.com
primetimeexpress.com
boixosnoisperu.com
mmasportgear.com
concertiranian.net
hyponymys.info
maila.one
yti0fyic.xyz
shashiprayag.com
speedprosmotorsports.com
westchestercountyjunkcars.com
patienceinmypocket.com
rausachbaoloc.com
plexregroup.com
outsydercs.com
foodandflour.com
lenacrypto.xyz
homeservicetoday.net
marthaperry.com
vmtcyd4q8.com
shamefulguys.com
loccssol.store
gnarledportra.xyz
042atk.xyz
Targets
-
-
Target
100197.doc
-
Size
190KB
-
MD5
a51beb4cee3604bc8ab1c7c9f5e7d5c1
-
SHA1
22d24e750b96783e24da802dcac3e4367d83befa
-
SHA256
59de39d60fee5b2a853c4e4bd62ce6ea5054373938b8afbb159d60102f88e989
-
SHA512
c406ee9bfb3425caf97e26626dbba30aa7a305be0f1732f2a7b4225e877468a0b12aa531d0c495bb3aac6f192966e92daa419ec01ec94e5f5ef50a8f851fc543
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-