General
-
Target
INQUIRY-19052022.xlsx
-
Size
223KB
-
Sample
220519-qsc2wsafbk
-
MD5
c5c836b9e1b1fe4f0fde289fec3259e6
-
SHA1
bc7e32fd06cb184cd22750be32541e266410a10e
-
SHA256
c8205c3951b61fb4bc8f6777073cfd3546982746d6dd5801a6ec39c447c9d4db
-
SHA512
7f980116962422c739355a9bacff76b5887d4703225abcbcc9c07fdf019b5ec9f58def668b6edb3f2feda889874afa4f2d94306165e6c88218f2ec38271b632a
Static task
static1
Behavioral task
behavioral1
Sample
INQUIRY-19052022.xlsx
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
INQUIRY-19052022.xlsx
Resource
win10v2004-20220414-en
Malware Config
Extracted
xloader
2.6
be4o
laboratoriobioixcha.com
tictocperushop.online
wild-oceans.com
belaruscountry.com
kicktmall.com
fitcoinweb.tech
mores.one
gogear.one
gxrcksy.com
samrcq.com
impossible-icecream.com
bravesxx.com
bookchainart.com
sleepsolutionsofmboro.com
ocbrazilbusinessclub.com
advisor76.xyz
xitaotech.com
mgsdtytifgf3414.xyz
johnson-brown.net
cr3drt.com
virtualtourpro.store
transporteriocristal.com
fjbingjiang.com
minecraftrojectx.site
ttrcb.com
sexlarab.com
cxzczc2.online
doorsmm.com
weisbergiegal.com
skythinks.com
schoolsuperaty.com
swampbucketkids.com
networklogicsa.com
businessevs.com
gulfcoastclinicchiro.com
milliards.xyz
moviesquery.com
cycletostack.com
c0wkvo.com
inkingthings.net
cookvillecampgroundvt.com
rajeshprinters.com
binge-bane.biz
ginger9632-voice.cloud
1nfo-post.com
unta.xyz
liuhumu.com
khandaia.info
ha01qnscvts0l.xyz
liert.site
allflowmedia.com
6ibnuj9t.xyz
embravewise.com
responsabilities.com
apexges.com
ola-speechtherapy.com
pristinefarmlands.com
adaraateristiayote.store
journeyhomemeditation.com
96238.top
nosipokip.site
itt-service.com
bw590jumpb.xyz
relieveyourdog.com
qiyeweiiliaoo0428.com
Targets
-
-
Target
INQUIRY-19052022.xlsx
-
Size
223KB
-
MD5
c5c836b9e1b1fe4f0fde289fec3259e6
-
SHA1
bc7e32fd06cb184cd22750be32541e266410a10e
-
SHA256
c8205c3951b61fb4bc8f6777073cfd3546982746d6dd5801a6ec39c447c9d4db
-
SHA512
7f980116962422c739355a9bacff76b5887d4703225abcbcc9c07fdf019b5ec9f58def668b6edb3f2feda889874afa4f2d94306165e6c88218f2ec38271b632a
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-