General
Target: tmp/8a3e48550ae70dc076c4f0930dbb46afb3775dcc0f038943ba93483524465c5b.xls
Size: 228KB
Sample: 211206-nwl3vsdhfr
MD5: 75ff2ad7562cb84499dfa0885e11813d
SHA1: 85693dacf816a7f5d990da174c406e950b08baf1
SHA256: 8a3e48550ae70dc076c4f0930dbb46afb3775dcc0f038943ba93483524465c5b
SHA512: dcd0f6d8748e0af1e21551e0b9e4d06355e79d678fb008e0e026335252d67019c04aa4691b25e61de0427df69aee539d0adb9af3de57776c48ef4026e3ab367d
Static task: static1
Behavioral task: behavioral1
  Sample: tmp/8a3e48550ae70dc076c4f0930dbb46afb3775dcc0f038943ba93483524465c5b.xls
  Resource: win7-en-20211104
Behavioral task: behavioral2
  Sample: tmp/8a3e48550ae70dc076c4f0930dbb46afb3775dcc0f038943ba93483524465c5b.xls
  Resource: win10-en-20211104
Malware Config
Extracted family: xloader
Version: 2.5
Campaign: mwev
C2: http://www.scion-go-getter.com/mwev/
Targets
Target: tmp/8a3e48550ae70dc076c4f0930dbb46afb3775dcc0f038943ba93483524465c5b.xls (228KB; hashes as listed under General)
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Xloader Payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext