General
-
Target
Darko doo Ponuda.xlsx
-
Size
208KB
-
Sample
220510-ln6q7abbhl
-
MD5
2cb3dc55d935fa041cc469463236c7d4
-
SHA1
ebaa2a6e8eb071847808e233c706ce78725ecad1
-
SHA256
9386ac01c50cc2486dd0decec3706823b016adfba3cff50ffda5ed2ddd7f52c7
-
SHA512
db8f57ed860f14825aa1949969473b7d6d7413b3af6afb01e32a40077b96d40d186ee6300fc8a26591f73076c4cee0c8914c56bd0273e48eed507dd5c398c566
Malware Config
Extracted
xloader
2.6
arh2
hstorc.com
blackountry.com
dhrbakery.com
dezhouofit.com
defipayout.xyz
ginas4t.com
byzbh63.xyz
qrcrashview.com
mialibaby.com
enhaut.net
samainnova.com
yashveerresort.com
delfos.online
dungcumay.com
lj-counseling.net
fliptheswitch.pro
padogbitelawyer.com
aticarev.com
sederino.site
bestplansforpets-japan3.life
Targets
-
-
Target
Darko doo Ponuda.xlsx
-
Size
208KB
-
MD5
2cb3dc55d935fa041cc469463236c7d4
-
SHA1
ebaa2a6e8eb071847808e233c706ce78725ecad1
-
SHA256
9386ac01c50cc2486dd0decec3706823b016adfba3cff50ffda5ed2ddd7f52c7
-
SHA512
db8f57ed860f14825aa1949969473b7d6d7413b3af6afb01e32a40077b96d40d186ee6300fc8a26591f73076c4cee0c8914c56bd0273e48eed507dd5c398c566
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Xloader
Xloader is a rebranded version of Formbook malware.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Xloader Payload
-
Adds policy Run key to start application
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-
-
-
Target
decrypted
-
Size
201KB
-
MD5
e3506e12375a78e25c3928281dd19102
-
SHA1
94661f72f88800f105b413d7c93f9dc0a539f449
-
SHA256
16810206b9173b8f136c97f9d73fa19570aa14c697161774b1082fbd42a0a611
-
SHA512
083de22c84ea7ce61eddb0a5cbc7ecf2340dd708552a942713f991dd3a3a60c659ade36f9ed03bf657e707b7f275d1c6116427e5ca9d733a35cb99eafc7ac659
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-