General
Target: lod2.xlsx
Size: 187KB
Sample: 220127-hd4bjaghfp
MD5: 5bba5a0571a4c6eb4b4edae51f139e37
SHA1: 9a1cdec33e5f6b4e678bf64330da319db4010a08
SHA256: b8b900615f340542853e4dd43975d14b4366d775621b5f6d5bf491814533d2a8
SHA512: b183f8e50c127797a963501af3fba715055c880d66e5761759f96c2429e84fa1df0f6265cd0934af0d48598b057eb1fc8ac752028006f0db96fe4ef8533fd000
Static task: static1
Behavioral task: behavioral1
Sample: lod2.xlsx
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: lod2.xlsx
Resource: win10-en-20211208
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: ndf8
Targets
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext