General
- Target: Sales Agreement 17-11-21.doc
- Size: 12KB
- Sample: 211118-kzf48scbck
- MD5: 14be4834507505c85ed0790ceeebe5ba
- SHA1: 61e1afbec7f215e598a424614bb43df95e5d4fbc
- SHA256: 315b35059792a62e53ef2443f0fd5ce87509a4b7d9c84b3a679940ef785adb42
- SHA512: d6172ad1f19ecb356fa3d0e5aa31d6712108fc31ae7d08b5efd9dae871666a5fb8ce60a41fd38f180135599e363d1908c4e4d34b69964dcae700f9f4fb315126
Static task: static1
Behavioral task: behavioral1
- Sample: Sales Agreement 17-11-21.doc
- Resource: win7-en-20211104
Behavioral task: behavioral2
- Sample: Sales Agreement 17-11-21.doc
- Resource: win10-en-20211014
Malware Config
Extracted: xloader
- Version: 2.5
- Campaign: unzn
- C2: http://www.davanamays.com/unzn/
Targets
- Target: Sales Agreement 17-11-21.doc
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext