General
-
Target
PAYMENT_xlsx.exe
-
Size
260KB
-
Sample
220209-mdncjaabdj
-
MD5
903f090170c015ce8a923608be5f5529
-
SHA1
ca5ab369fa9fa10367f8d2de5530986dd5add4a1
-
SHA256
ae912e8263a9242ff6590f2c818cdc64c3a6f2f059576dc8d760a3af93db63fc
-
SHA512
fb716c05053f9643ebdaff1e5a5a3d9b88cee77c1753a51618ab3c8f7897cd79384250edbe49cad6cf86579b83dd317ce2922674835ea3d484a0fb0f79f3bf6b
Static task
static1
Behavioral task
behavioral1
Sample
PAYMENT_xlsx.exe
Resource
win7-en-20211208
Malware Config
Extracted
xloader
2.5
dtt3
edilononlineshop.com
cursosd.com
viellacharteredland.com
increasey0urenergylevels.codes
yjy-hotel.com
claym.xyz
reelsguide.com
gives-cardano.com
ashrafannuar.com
mammalians.com
rocketleaguedads.com
yubierp.com
minimi36.com
chn-chn.com
jagojp888.com
parsian-shetab.com
273351.com
mdtouhid.com
babedads.com
vallinam2.com
buro-tic.com
az-rent.net
shifaebio.xyz
circuitoalberghiero.com
xn--b1afb9b.xn--p1acf
canlioyundasin.online
sachainchirajaomega.com
scandinest.com
pluky.net
tpxcy.com
nbg.global
automountproducts.com
hghbj.com
beachsidecoatings.com
householdertips.com
coworkingspace.online
doujyou.com
tenloe053.xyz
udpbkp.biz
kondanginyuk.online
zipiter.com
christiankrog.com
reliantrecruitinggroup.com
acrylicus.com
cruelgirls.biz
oeinsulation.com
mapnft.xyz
leadersfort.com
foodroutine.com
mayerohio.info
systemofsolutions.com
gideonajibike.com
bigboobz.net
townofis.com
mhkxlgs.com
sussaautocare.com
quicktle.com
boutiquedangel.com
garrisonroadhouse.com
stiff-pols.art
cabalaconsultores.com
theweddinggame.net
themoneymagicians.com
overtonesa.com
janasflannels.com
Targets
-
-
Target
PAYMENT_xlsx.exe
-
Size
260KB
-
MD5
903f090170c015ce8a923608be5f5529
-
SHA1
ca5ab369fa9fa10367f8d2de5530986dd5add4a1
-
SHA256
ae912e8263a9242ff6590f2c818cdc64c3a6f2f059576dc8d760a3af93db63fc
-
SHA512
fb716c05053f9643ebdaff1e5a5a3d9b88cee77c1753a51618ab3c8f7897cd79384250edbe49cad6cf86579b83dd317ce2922674835ea3d484a0fb0f79f3bf6b
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-