General
Target: e-pda 0003000009011.xlsx
Size: 187KB
Sample: 220127-qb4hhsdbcj
MD5: 311a0b499bb2180ce183330006de9fa3
SHA1: df4b6eca6a2eda123b34e3254d1d68181447a89c
SHA256: be60f84619955a078bd3d3a90275d55847ea41877c108b498bc4a77274b10f37
SHA512: e9f911affc17621aad179549d088bac466ec2e4b0536a2477ac9fecff411b669cccf4a4ae109b6419ed9538fe2eab750b32d7480aa717f0706742723850f3caf
Tasks
Static task: static1
Behavioral task: behavioral1 (sample: e-pda 0003000009011.xlsx, resource: win7-en-20211208)
Behavioral task: behavioral2 (sample: e-pda 0003000009011.xlsx, resource: win10-en-20211208)
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: o6tg
Domains (XLoader configs embed one live C2 alongside decoy domains; the extracted list does not mark which is live, so treat every entry as an indicator):
turkscaicosonline.com
novelfoodtech.com
zgrmfww.com
gestionalcliente24hrs.store
postrojka.com
tapissier-uzes.com
tobytram.one
preamblegames.com
clicklinkzs.com
franksenen.com
beautygateway.net
foils-online.com
aout.us
promarkoperations.com
alignatura.com
changemylifefast.info
minbex.icu
internethustlersociety.com
chinacqn.com
fibsh.com
878971.com
diy-shisha.com
smarthomesecurity.online
orimsglow.com
platterwax.xyz
ipinksheets.com
robertatoschi.com
mieventi.com
qumuras.info
anyoneh.com
lovegasboutique.com
elimchambers.com
nanopicomedia.com
getoken.net
thechristmaslightingstore.com
progressivecapital.net
ott-leszek.com
flaneur.city
srikrishnadental.com
bantasis.com
forhims.jobs
sscmdpt.com
americanpawnaz.com
greatdayplumbing.com
skinstorecenter.com
chaoticcomicscrafts.com
farhadhossain.us
c-soi.com
http01.com
tjweifukeji.com
controldatasa.com
fitlearningphoenix.solutions
polecatroofing.com
xrxgqf.website
helmettips.com
caesarscasiono.com
dmfcommercialrealty.com
risecards.com
energycolumbus.com
slot138gacor.com
votenoahring.com
trigatefinancial.com
cuework.com
victorianalpine.com
makvik.online
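The following Python script is an added example, not part of the sandbox report: it turns the report's IOCs into a local checker. It hashes file bytes against the sample's MD5/SHA256 and scans proxy-log lines for hosts that equal or sit under any listed domain, additionally flagging requests whose first URI path segment is the campaign ID, since FormBook/XLoader check-ins are commonly seen as GET /<campaign>/?... (the pattern behind the Suricata "FormBook CnC Checkin (GET)" hit below); that path flag is a secondary indicator, not a match on its own. The "timestamp client method url" log format and the sample lines are constructed for the example; the hashes, campaign ID and domain list are copied from the report.

```python
"""Hunt for the XLoader 2.5 / o6tg IOCs from the report in local artefacts.

Added example; hashes, campaign ID and domains are copied from the report.
The proxy-log format and the sample log lines are constructed.
"""
import hashlib
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Hashes of the sample "e-pda 0003000009011.xlsx" as listed in the report.
SAMPLE_MD5 = "311a0b499bb2180ce183330006de9fa3"
SAMPLE_SHA256 = "be60f84619955a078bd3d3a90275d55847ea41877c108b498bc4a77274b10f37"

# XLoader campaign ID from the extracted config.
CAMPAIGN = "o6tg"

# Domain list from the extracted config (one live C2 among decoys; the config
# does not mark which, so every entry is treated as an indicator).
DOMAIN_LIST = """
turkscaicosonline.com novelfoodtech.com zgrmfww.com gestionalcliente24hrs.store postrojka.com tapissier-uzes.com tobytram.one preamblegames.com
clicklinkzs.com franksenen.com beautygateway.net foils-online.com aout.us promarkoperations.com alignatura.com changemylifefast.info
minbex.icu internethustlersociety.com chinacqn.com fibsh.com 878971.com diy-shisha.com smarthomesecurity.online orimsglow.com
platterwax.xyz ipinksheets.com robertatoschi.com mieventi.com qumuras.info anyoneh.com lovegasboutique.com elimchambers.com
nanopicomedia.com getoken.net thechristmaslightingstore.com progressivecapital.net ott-leszek.com flaneur.city srikrishnadental.com bantasis.com
forhims.jobs sscmdpt.com americanpawnaz.com greatdayplumbing.com skinstorecenter.com chaoticcomicscrafts.com farhadhossain.us c-soi.com
http01.com tjweifukeji.com controldatasa.com fitlearningphoenix.solutions polecatroofing.com xrxgqf.website helmettips.com caesarscasiono.com
dmfcommercialrealty.com risecards.com energycolumbus.com slot138gacor.com votenoahring.com trigatefinancial.com cuework.com victorianalpine.com
makvik.online
"""
DOMAINS = frozenset(DOMAIN_LIST.split())


def check_hashes(data: bytes) -> Dict[str, object]:
    """Hash raw file bytes and compare them against the sample's MD5/SHA256."""
    md5 = hashlib.md5(data).hexdigest()
    sha256 = hashlib.sha256(data).hexdigest()
    return {
        "md5": md5,
        "sha256": sha256,
        "is_sample": md5 == SAMPLE_MD5 and sha256 == SAMPLE_SHA256,
    }


def domain_matches(host: str) -> Optional[str]:
    """Return the listed domain that `host` equals or sits under, else None.

    Label-wise suffix matching: www.zgrmfww.com matches zgrmfww.com, but
    notzgrmfww.com does not. Case and a trailing dot are ignored.
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in DOMAINS:
            return candidate
    return None


def has_campaign_path(url: str) -> bool:
    """True if the first URI path segment equals the campaign ID.

    FormBook/XLoader check-ins are commonly seen as GET /<campaign>/?...;
    on its own this is only a weak indicator (assumption for this example).
    """
    segments = [s for s in urlparse(url).path.split("/") if s]
    return bool(segments) and segments[0] == CAMPAIGN


def scan_proxy_log(text: str) -> List[Dict[str, object]]:
    """Scan 'timestamp client method url' lines (constructed format)."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        parts = line.split(maxsplit=3)
        if len(parts) != 4:
            continue  # blank or malformed line
        _ts, client, _method, url = parts
        host = urlparse(url).hostname or ""
        domain = domain_matches(host)
        campaign = has_campaign_path(url)
        if domain or campaign:
            findings.append({
                "line": line_no, "client": client, "host": host,
                "domain": domain, "campaign_path": campaign,
            })
    return findings


# Constructed sample log lines for demonstration (not from the report).
SAMPLE_LOG = """\
2022-01-27T10:14:02Z 10.0.0.12 GET http://www.zgrmfww.com/o6tg/?hL=abc123&gh=xyz
2022-01-27T10:14:03Z 10.0.0.12 GET http://www.example.com/index.html
2022-01-27T10:14:05Z 10.0.0.23 GET http://cdn.internethustlersociety.com/o6tg/
2022-01-27T10:14:09Z 10.0.0.23 GET http://notzgrmfww.com/o6tg/
"""

if __name__ == "__main__":
    for finding in scan_proxy_log(SAMPLE_LOG):
        print(finding)
```

Against the constructed log, lines 1 and 3 are reported as domain hits (the second via a subdomain of a listed domain), line 4 is reported only for its campaign-ID path with no domain match, and line 2 is silent; a real hunt would feed in exported DNS or proxy logs and treat domain hits as the primary signal.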
Targets
Target: e-pda 0003000009011.xlsx (187KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures
suricata: ET MALWARE FormBook CnC Checkin (GET) (hit twice)
suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016 (hit twice)
Xloader Payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution (vbc.exe, the VB.NET compiler, spawned as a process)
Suspicious use of SetThreadContext (thread-context manipulation consistent with code injection or process hollowing)