General
Target: FORNAX 2-Eng revised bank account.xlsx
Size: 185KB
Sample: 220303-jw5srabdhr
MD5: 74ba866282eb9332585ed493840c4030
SHA1: 4fecea9cfd6a9935e7aab9e3bb3de5bc50206f4c
SHA256: 469884179434185e1275b12bc001caaae4281a8d5698e20f57b8f7770cdfd7b1
SHA512: 24c98f080b51c1d74d88011a09476e45b1939fc2efd396008dc77025b8a9792b875322b263606b5d6d4e71ab54f5f59bcf0057d76429d9ce1d4b708e0aed0e82
Static task: static1
Behavioral task: behavioral1
Sample: FORNAX 2-Eng revised bank account.xlsx
Resource: win7-20220223-en
Behavioral task: behavioral2
Sample: FORNAX 2-Eng revised bank account.xlsx
Resource: win10v2004-en-20220113
Malware Config
Extracted
xloader
2.5
igwa
listingswithalex.com
funtabse.com
aydenwalling.com
prochal.net
superfoodsnederland.com
moldluck.com
dianekgordon.store
regionalhomescommercial.com
mysecuritymadesimple.com
malwaremastery.com
kodaikeiko.com
jrzg996.com
agricurve.net
songlingjiu.com
virginianundahfishingclub.com
friendschance.com
pastelpresents.com
answertitles.com
survival-hunter.com
nxfddl.com
traditionnevertrend.com
agrovessel.com
unicorm.digital
cucumboy.com
alemdogarimpo.com
laraful.com
hexwaa.com
hanu21st.com
knoycia.com
qishengxing.com
gopipurespices.com
fdkkrfidkdslsieofkld.info
elephantspublications.online
valeriebeijing.com
xn--42cg2czax6ptae6a.com
2shengman.com
sfcshavedice.com
ragworkhouse.com
stardomfrokch.xyz
exoticcenterfold.com
eventosartifice.com
test-order-noren.com
110bao.com
face-pro.online
freedomoff.com
futuresep.com
tremblock.com
chocolat-gillotte.com
speclove.com
ddflsl.com
goodnewsmbc.net
cloudtotaal.com
goapps-auth.com
ouch247max.com
sabra-sd.com
luxuryneverhurt.art
rxvendorpills.online
ludowinners.online
placemyorder.online
skyrim.company
monsterlecturer.com
controle-fiscal.com
phoenixinjurylawyer.online
nanoheadgames.com
toposales.com
Targets
Target: FORNAX 2-Eng revised bank account.xlsx
Size: 185KB
MD5: 74ba866282eb9332585ed493840c4030
SHA1: 4fecea9cfd6a9935e7aab9e3bb3de5bc50206f4c
SHA256: 469884179434185e1275b12bc001caaae4281a8d5698e20f57b8f7770cdfd7b1
SHA512: 24c98f080b51c1d74d88011a09476e45b1939fc2efd396008dc77025b8a9792b875322b263606b5d6d4e71ab54f5f59bcf0057d76429d9ce1d4b708e0aed0e82
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext