General
Target: DUM 70-779 D.xlsx
Size: 186KB
Sample: 220224-dj5pbsdbdm
MD5: 7b9ee6d79797a5845aaddea358f7e48c
SHA1: f29b722e3560b260a3e628cc3427caff8792e8cb
SHA256: 4fccd7e86fa78a3510dc1e5bac951cfe95dfb6629536e22d0cadf00f049de500
SHA512: 76106377f35227621299b0da90f5286cff45cdc7bb3315506d08d411bddc2dcef3283e8a0ff731efff0f2eaeb265669d3f66f71636e80d2b1d3b2846ccc16787
Static task: static1
Behavioral task: behavioral1 (Sample: DUM 70-779 D.xlsx, Resource: win7-20220223-en)
Behavioral task: behavioral2 (Sample: DUM 70-779 D.xlsx, Resource: win10v2004-en-20220112)
Malware Config
Extracted
xloader
2.5
p2a5
Targets
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext