General

Target: SRL INJOUGH Oferty.xlsx
Size: 183KB
Sample: 220513-rwzwhabdfr
MD5: e2f9f7205237d66d1bf38afe6c640339
SHA1: 8ca995164a3c4ef2e9bc5c95ee124872391deaa7
SHA256: 48af10595cf68328465412bae7225b4c5da1f4394ddaa58735b15e062c502329
SHA512: ae47a6060cd11366865bc4f90c4203042f59f89dfbb57def54a1dcc5794f287233887b087802928672e76649525877f01587c85650274191730a935441cf9d1a
Static task: static1

Behavioral tasks
behavioral1: SRL INJOUGH Oferty.xlsx on win7-20220414-en
behavioral2: SRL INJOUGH Oferty.xlsx on win10v2004-20220414-en
behavioral3: decrypted.xlsx on win7-20220414-en
behavioral4: decrypted.xlsx on win10v2004-20220414-en
Malware Config

Extracted
Family: xloader
Version: 2.6
Campaign: arh2

C2 domains (XLoader, like its FormBook predecessor, mixes decoy domains into the configured list alongside the live C2, so treat every entry below as a lookup to alert on rather than as a confirmed C2 server):
hstorc.com
blackountry.com
dhrbakery.com
dezhouofit.com
defipayout.xyz
ginas4t.com
byzbh63.xyz
qrcrashview.com
mialibaby.com
enhaut.net
samainnova.com
yashveerresort.com
delfos.online
dungcumay.com
lj-counseling.net
fliptheswitch.pro
padogbitelawyer.com
aticarev.com
sederino.site
bestplansforpets-japan3.life
radicallysimplesupps.com
sandbagmaker.com
misdcf.xyz
nbpz.xyz
floridasunbreaks.com
justfinishesofcolorado.com
homemethtestkit.com
chaquetashapticas.com
zodiactshirt.com
tees.email
zxzx999.com
tempepdf.com
watchusroll.com
parotacenter.com
assistcourse.online
paulstilingroup.com
cnbcfx.com
mooncore.xyz
laplugnation.com
gosti24.com
cthomassolutions.com
rkhubs.com
aboutpier.com
multimediaroomandboard.com
iamparrot.com
wifitest.info
nounworld.com
xpartner.biz
128grandviewdrivenewportnsw.com
bakiin.com
suitcell.com
onehitgamerstudios.com
bathingsuitsshoppingus.com
wingstarifa.com
ccasudqi.com
epiconscious.com
ponponshoes.com
cicom.tech
safetynetinc.net
recanto.xyz
sellsidelite.net
kevmoinesproperties.com
hdwallpaperpics.life
57gznfw.xyz
abtys6.online
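The domain list above is only useful once it is turned into a check. The script below is an added example written for this page, not code from the sandbox report or from Triage: it builds a dot-aware matcher from the extracted config, runs it over DNS log lines, emits Suricata dns.query rules, and hashes bytes so a file on disk can be compared with the digests listed on this page. Assumptions, all marked in the code: the domain list is a subset of the full config to keep the block short (the complete list plugs in the same way), the log line format is invented, the DNS log lines are constructed, and the SID range 9000000+ is a placeholder local range.

```python
"""Operationalize the extracted XLoader config: match DNS logs against the
C2 domain list, emit Suricata dns.query rules, and hash bytes for comparison
with the report's digests.  Added example, not part of the sandbox report;
log lines and the rule SID range are constructed/assumed."""
import hashlib
import re

# Domains copied from the XLoader 2.6 / campaign "arh2" config above.
# Only a subset is listed here to keep the example short (an assumption of
# this example); the full report list plugs in the same way.
XLOADER_ARH2_DOMAINS = """
hstorc.com blackountry.com dhrbakery.com dezhouofit.com defipayout.xyz
ginas4t.com byzbh63.xyz qrcrashview.com mialibaby.com enhaut.net
samainnova.com yashveerresort.com delfos.online dungcumay.com
lj-counseling.net fliptheswitch.pro padogbitelawyer.com aticarev.com
""".split()


def build_matcher(domains):
    """Compile one regex matching any listed domain or a subdomain of it.

    Anchored and dot-aware on purpose: "xhstorc.com" must not match
    "hstorc.com", but "www.hstorc.com" must.  Case-insensitive because
    DNS names are; a trailing dot (FQDN form) is tolerated.
    """
    alts = "|".join(re.escape(d.lower()) for d in sorted(domains))
    return re.compile(rf"^(?:[a-z0-9-]+\.)*(?:{alts})\.?$", re.IGNORECASE)


def scan_dns_log(lines, domains):
    """Return (timestamp, client, query) for every query hitting the list.

    Assumed log shape (invented for this example, not a real product
    format): "<iso-timestamp> <client-ip> <qtype> <query-name>".
    """
    matcher = build_matcher(domains)
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed or comment lines instead of crashing
        ts, client, _qtype, qname = parts
        if matcher.match(qname):
            hits.append((ts, client, qname.rstrip(".").lower()))
    return hits


def suricata_dns_rules(domains, sid_base=9000000):
    """Emit one Suricata rule per domain on the dns.query buffer.

    The dotprefix transform plus endswith gives the same "domain or any
    subdomain" semantics as build_matcher.  sid_base is an assumed local
    SID range; pick one that does not collide with your rule sets.
    """
    rules = []
    for i, d in enumerate(sorted(domains)):
        rules.append(
            f'alert dns any any -> any any (msg:"XLoader arh2 C2 lookup {d}"; '
            f'dns.query; dotprefix; content:".{d}"; nocase; endswith; '
            f"classtype:trojan-activity; sid:{sid_base + i}; rev:1;)"
        )
    return rules


def digests(data):
    """MD5/SHA1/SHA256/SHA512 of a byte string, for checking a file you hold
    (read it with open(path, "rb").read()) against the report's hashes."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


# Constructed DNS log lines: one exact hit, one subdomain hit with a
# trailing dot, one benign lookup, and a near-miss that must not fire.
SAMPLE_DNS_LOG = [
    "2022-05-13T10:02:11Z 10.0.0.21 A www.hstorc.com",
    "2022-05-13T10:02:12Z 10.0.0.21 A cdn.example.com",
    "2022-05-13T10:02:15Z 10.0.0.34 A delfos.online.",
    "2022-05-13T10:02:16Z 10.0.0.34 A xhstorc.com",
]

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG, XLOADER_ARH2_DOMAINS):
        print("HIT", *hit)
    print("\n".join(suricata_dns_rules(XLOADER_ARH2_DOMAINS)[:2]))
```

Run it as-is to see the two hits and the first two generated rules; swap in the full domain list from the report and a real resolver log to use it for hunting. The regex is anchored at both ends and requires a dot boundary, which is the detail most ad-hoc "domain in line" greps get wrong.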
Targets

Target: SRL INJOUGH Oferty.xlsx
Size: 183KB
MD5: e2f9f7205237d66d1bf38afe6c640339
SHA1: 8ca995164a3c4ef2e9bc5c95ee124872391deaa7
SHA256: 48af10595cf68328465412bae7225b4c5da1f4394ddaa58735b15e062c502329
SHA512: ae47a6060cd11366865bc4f90c4203042f59f89dfbb57def54a1dcc5794f287233887b087802928672e76649525877f01587c85650274191730a935441cf9d1a

Suricata alerts
ET MALWARE FormBook CnC Checkin (GET)
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Signatures
Xloader Payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext

Target: decrypted (decrypted.xlsx, as run in behavioral3 and behavioral4)
Size: 177KB
MD5: ed6cfe2f33c53a2f00b89df64378d92d
SHA1: 9887eb84bad60aeb24118f376ed20653b529ff01
SHA256: 8bd763832d675d199f3e2b74daf55d3e575a6f1c40b9e51f00dfa2e7703d9d9d
SHA512: bb1182e7ba03becd8c2a6cfb911d1b9cf4dfe353320afd1053ed8094d5015cf1855480cb1f03c535920787dc250e880219f20b226f9ea2510e6e31a36277fec7

Suricata alerts
ET MALWARE FormBook CnC Checkin (GET)
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Signatures
Xloader Payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Adds Run key to start application
Suspicious use of SetThreadContext