General
Target: RFQ 202200153149 .xlsx
Size: 187KB
Sample: 220127-qb4hhsdbck
MD5: 5e4f44a52133e8a610715e41c0a1f222
SHA1: 8d74995ad95281e2c6fa7159cb4bedffe9badfb7
SHA256: 380059b1975685a81a70f8a74e3a78130ce7cdc60792240dede87045bce1eb69
SHA512: 0ac36d121f16a20de3f22bd4455b799159ecddabc44547934e48eb6e30bc53f7297a8b148ac0e67b01fb7ab802cde07bb22383802b8b5186fec04d286bc00823
Static task: static1
Behavioral task: behavioral1
Sample: RFQ 202200153149 .xlsx
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: RFQ 202200153149 .xlsx
Resource: win10-en-20211208
Malware Config
Extracted
xloader
2.5
i5nb
Targets
Target: RFQ 202200153149 .xlsx
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Xloader Payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext