General
-
Target
SOA.xlsx
-
Size
229KB
-
Sample
211207-p6e8qshcgr
-
MD5
967c89ec5975f4463d26a0811ba0facc
-
SHA1
aec27ed5e87b1ae3dc63cbeb3cdf6bcdd7e08b74
-
SHA256
4acfd899585cc3b46b0e523ba0cf61e4c78994e4ece49590323f41f8ec4c9eaf
-
SHA512
3090eb592a3dde7e61c5f8ae7fe25b0b7288cc596638c19957a52a32ccce2b7e491fa79208aac29e4252c7a178aa23e3768d18a6f32caaebecc62f96d579fcc1
Static task
static1
Behavioral task
behavioral1
Sample
SOA.xlsx
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
SOA.xlsx
Resource
win10-en-20211104
Malware Config
Extracted
xloader
2.5
ea0r
http://www.asiapubz-hk.com/ea0r/
lionheartcreativestudios.com
konzertmanagement.com
blackpanther.online
broychim-int.com
takut18.com
txstarsolar.com
herdsherpa.com
igorshestakov.com
shinesbox.com
reflectpkljlt.xyz
oiltoolshub.com
viralmoneychallenge.com
changingalphastrategies.com
mecitiris.com
rdadmin.online
miniambiente.com
kominarcine.com
pino-almond.com
heihit.xyz
junqi888.com
metalumber.com
sclvfu.com
macanostore.online
projecturs.com
ahcprp.com
gztyfnrj.com
lospacenos.com
tak-etranger.com
dingermail.com
skiin.club
ystops.com
tnboxes.com
ccafgz.com
info1337.xyz
platinum24.top
hothess.com
novelfinancewhite.xyz
theselectdifference.com
flufca.com
giftcodefreefirevns.com
kgv-lachswehr.com
report-alfarabilabs.com
skeetones.com
4bcinc.com
americamr.com
wewonacademy.com
evrazavto.store
true-fanbox.com
greencofiji.com
threecommaspartners.com
hgtradingcoltd.com
xihe1919.com
241mk.com
helplockedout.com
wefundprojects.com
neosecure.store
purenewsworldwide.com
luckylottovip999.com
lottidobler.com
proyectohaciendohistoria.com
raintm.com
theproducerformula.com
trademarkitforyourself.com
ottaweed.com
Targets
-
-
Target
SOA.xlsx
-
Size
229KB
-
MD5
967c89ec5975f4463d26a0811ba0facc
-
SHA1
aec27ed5e87b1ae3dc63cbeb3cdf6bcdd7e08b74
-
SHA256
4acfd899585cc3b46b0e523ba0cf61e4c78994e4ece49590323f41f8ec4c9eaf
-
SHA512
3090eb592a3dde7e61c5f8ae7fe25b0b7288cc596638c19957a52a32ccce2b7e491fa79208aac29e4252c7a178aa23e3768d18a6f32caaebecc62f96d579fcc1
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-