General
-
Target
documents.xlsx
-
Size
187KB
-
Sample
220208-bl9d7abedp
-
MD5
bdee9442c6c00c66cae6a2966e21c959
-
SHA1
10f51a298ab9bd1a20197593a5d45eeb62e52570
-
SHA256
1299c1168e4958567314cc8109e37b20c5511002770554988a6fa25cb8e5aa4f
-
SHA512
89a3d65b3b95d17e184b11c69dbec4c11cc9f834cacb8122e7751eeae2d859cb1bcf862a6a0783edcb826a0052783b181e4957b40822bff3489ca50203d88f3d
Static task
static1
Behavioral task
behavioral1
Sample
documents.xlsx
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
documents.xlsx
Resource
win10v2004-en-20220113
Malware Config
Extracted
xloader
2.5
jdo2
adopte-un-per.com
lmandarin.com
shonemurawni.quest
bantasis.com
jsdigitalekuns.net
hiddenroom.net
arungjerampangalengan.com
yinghongxw.com
buzzcupid.com
lattent.digital
faxtoemailguide.com
romanticfriryrose.com
ruleaou.com
mochiko-blog.com
sekireixploit.com
bcx-wiremesh.com
jobportalsg.com
wysspirit.com
iflycny.com
sh-cy17.com
kryptolaunches.com
studio-levanah.com
iotnews.xyz
scznjt.com
puppizy.com
sportax.store
musicnjoy.art
thenerdyarkade.com
prelacies.info
eastwebdesign.com
clients-schwab.com
freemsw.com
propertytaxtt.com
camelammo.com
udidactica.com
nutriorlando.com
logichome.store
brickge.com
gnews24.press
cryptofuelcars.com
giftcodefreefirevns.com
xn--wnys27c.xyz
123sabi.com
drnxskop.xyz
guiadescontopromocional.com
traderro.com
oilsandsresources.com
dosmed.store
bullmediamarketing.com
brainnwave-uk.com
situspokergames.club
lowestfars.com
x99av2.xyz
bungaauraprediction.com
companyintel.direct
netzastronaut.com
abouttofeast.com
roleplaysaga.com
postkz.host
sobheweb.com
exit-10-exodus.com
oxanger.com
onehundredwomennash.com
decamento.com
remover-erro.com
Targets
-
-
Target
documents.xlsx
-
Size
187KB
-
MD5
bdee9442c6c00c66cae6a2966e21c959
-
SHA1
10f51a298ab9bd1a20197593a5d45eeb62e52570
-
SHA256
1299c1168e4958567314cc8109e37b20c5511002770554988a6fa25cb8e5aa4f
-
SHA512
89a3d65b3b95d17e184b11c69dbec4c11cc9f834cacb8122e7751eeae2d859cb1bcf862a6a0783edcb826a0052783b181e4957b40822bff3489ca50203d88f3d
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016
suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-