General
Target: 4577189451956224.zip
Size: 1KB
Sample: 220325-wxcjtafhdm
MD5: 18b981c265d4b9d70b4cfe0a82343b22
SHA1: 64ac2201ca31ef29017891cfa1a4264ebd88cd4b
SHA256: 2cc20535a34a0776e35b4842fe88e6e7475f67ae8bc3a5abb7545fb675bc43a5
SHA512: 4826544a03f66be3e35b35a5ba0ae69411a74efc4015320b840c03ae08bc8ebdd2ff8b84a584b860dd26a81d148d7b274cf843008357386dee9bb6d50e69012d
Static task: static1

Behavioral task: behavioral1
Sample: 976e459097d02ba60e08c872cd4e997b8ffde163a3bd7bb4abef17d455b62ed8.iso
Resource: win7-20220310-en

Behavioral task: behavioral2
Sample: 976e459097d02ba60e08c872cd4e997b8ffde163a3bd7bb4abef17d455b62ed8.iso
Resource: win10v2004-en-20220113

Behavioral task: behavioral3
Sample: Revised Invoice #03252022.vbs
Resource: win7-20220311-en
Malware Config
Extracted: https://transfer.sh/get/9GqmOG/jramooooss.ps1
Extracted: xloader
2.5
be4o
Targets
Target: 976e459097d02ba60e08c872cd4e997b8ffde163a3bd7bb4abef17d455b62ed8
Size: 54KB
MD5: 49e864fe28310b2adc782a975aaa5b67
SHA1: 82a9e71eccabf7675a333b9f4fdc99a85634bfbc
SHA256: 976e459097d02ba60e08c872cd4e997b8ffde163a3bd7bb4abef17d455b62ed8
SHA512: 381a1f47fe57a996fbaa56ee1b43b8260f7d3bbc9346be68114fe7977b283d0aa2d340291745d2683ca45a0e3232efbe644a5539f3756c28b24ba36cf63857ad
Score: 3/10
Target: Revised Invoice #03252022.vbs
Size: 636B
MD5: e0e7f44f32d0b3dabb08bd61a3b81f6a
SHA1: 3b5d3334936280cee7be949a7712669300502377
SHA256: db00c50095732ed84821f321b813546431f298525fea8dbd1a4545c3abfa1fe1
SHA512: 78baf7107944bc1cc371f058f73a2ecd1f601b3401d10774440cfcbcc767549bb43143c261422e7bd2e3f345a5ebb99acda70ca1a2033ccbcd08ef86edff8bf1

suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE Suspected Jupyter Stealer Related Activity (GET)
Xloader Payload
Blocklisted process makes network request
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Suspicious use of SetThreadContext