General
- Target: MBGGS_Order_3746745855835.xlsx
- Size: 187KB
- Sample: 220127-nevnnsbfcj
- MD5: 5984e2466d39a7a6ba0ac8f101bbe202
- SHA1: b601afcae33283b25b8dbc41179953889da4a7c2
- SHA256: 9b1a72d7fa5a2e8f59a46ff84ced32016be80a1be9fa0fc6c53a5e44bdb6d10a
- SHA512: c8d3d357c027c9124360ab4fa5ce53059a99184f88c2878c0a6b408ba2a6f3a18c13085bf3fe414487bf95cf248aacfaa6b8f17f004bffff1d00de490870dd00
Static task: static1
Behavioral task: behavioral1 (Sample: MBGGS_Order_3746745855835.xlsx; Resource: win7-en-20211208)
Behavioral task: behavioral2 (Sample: MBGGS_Order_3746745855835.xlsx; Resource: win10-en-20211208)
Malware Config
Extracted
xloader
2.5
yrcy
ordermws-brands.com
jkbswj.com
dairatwsl.com
lewismiddleton.com
hevenorfeed.com
kovogueshop.com
cyberitconsultingz.com
besrbee.com
workerscompfl1.com
wayfinderacu.com
smplkindness.com
servicesitcy.com
babyvv.com
fly-crypto.com
chahuima.com
trist-n.tech
minjia56.com
oded.top
mes-dents-blanches.com
nethunsleather.com
onlinesindh.com
genrage.com
bhalawat.com
5gwirelesszone.com
semejnyjochag.com
shopvintageallure.com
laqueenbeautybar.supplies
hominyprintingmuseum.com
taksimbet13.com
fairytalesinc.com
loversscout.com
nxn-n.com
lovebydarius.store
mintnft.tours
snowjamproductiosmedia.com
boraviajar.website
cryptointelcenter.com
m2momshealth.com
perfectionbyinjection.com
cletechsolutions.com
skin4trade.com
a9d7c19f0282.com
waltersswholesale.com
lendsoar.com
virginialandsforsale.com
shinepatio.com
nba2klocker.team
picturebookoriginals.com
chatteusa.com
bodevolidu.quest
certidaoja.com
scgxjp.com
cbd-cannabis-store.com
kadinisigi.com
vacoveco.com
hostedexchangemaintainces.com
hf59184.com
jingguanfm.com
browsealto.com
kymyra.com
xrgoods.com
dtsddcpj.com
uptimisedmc.com
redsigndesign.com
drmichaelirvine.com
Targets
- Target: MBGGS_Order_3746745855835.xlsx
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext