General
Target: REMITTANCE ADVICE.xlsx
Size: 228KB
Sample: 211125-vgv6jsfhdl
MD5: 2caab2292b282e6a5dea1cf78f84924a
SHA1: 86f37c31091b15cca135490a84eb52027bb1a4df
SHA256: 4c84124c87cd46ce58a7a8208ad1674c4a270793f9a6158e80fd28f96b3cc844
SHA512: 70590f55c98c31fb7b2a95cb6d6b63917e1fa0f868c3af852a805d45cbb176356a4b1dc1431ef908c680821730d0d02948956c03388fcee6fcf6bbd661d55733
Static task: static1
Behavioral task: behavioral1
  Sample: REMITTANCE ADVICE.xlsx
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: REMITTANCE ADVICE.xlsx
  Resource: win10-en-20211104
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: m07f
C2: http://www.ff4cu6twc.xyz/m07f/
Decoy domains:
khitthit.club
kczu.net
caylalamar.com
iixiazai.com
nickatwoodrealestate.com
006664.com
strimsbdltd.com
mykyhouse.com
flyestkicks.com
campingwithoutcanvas.com
sarishamisen.com
retrorecycling.com
zw4azsjb3cuj.biz
lokasennaservices.com
charleswagner.xyz
smmbazar.net
rebornmkt.com
clicktoreach.com
alendigital.xyz
carehrc.com
locationdevice.online
homevoru.com
electrahealth.clinic
punto-linea-espacio.com
yhxt13800.com
pancakeshares.com
artdecooutdoor.com
phg-formation.com
businessagilitysessions.com
procofun.com
thekatz.group
casepoo.com
tokofebri.store
crippledom.com
online-shrine-ltd.com
jesbon.com
ligoom.com
odonofally.quest
tender.guru
payments-gate-325r.xyz
bfcmtld.com
scoocs.info
welderstexas.com
eastendfinances.com
bohoglamburlesque.com
naijafame.net
digitallghtning.com
refreshpor.xyz
luly-boo.com
enchantedroses-shop.com
victorrialand.com
kenzivenum.com
protokolavukatlik.com
berrymojito.com
empireexteriorservices.com
pushaoeel-kouhu-bunan7266.com
travellerbugs.com
allcources.com
jaszicurls.com
rem-youth.com
strawberryroom-15.com
paramusinsurancebroker.com
jhtz001.com
promtgloan.com
Targets
Target: REMITTANCE ADVICE.xlsx
Size: 228KB
MD5: 2caab2292b282e6a5dea1cf78f84924a
SHA1: 86f37c31091b15cca135490a84eb52027bb1a4df
SHA256: 4c84124c87cd46ce58a7a8208ad1674c4a270793f9a6158e80fd28f96b3cc844
SHA512: 70590f55c98c31fb7b2a95cb6d6b63917e1fa0f868c3af852a805d45cbb176356a4b1dc1431ef908c680821730d0d02948956c03388fcee6fcf6bbd661d55733
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext