General

Target: 8ea9e71562afe3c89c89eb710410534f
Size: 75KB
Sample: 220621-r9sdksggg8
MD5: 8ea9e71562afe3c89c89eb710410534f
SHA1: a3748535b8a396c1145e8c1db9d3a58205b0a19b
SHA256: 616002c7b51a2776782788b5b4dade1dddf4bc3d1be684fd92f6e9b0f7368576
SHA512: 77ed75fdef1826006f5ad36ff953361ea82e351004224c0e8adce2b41a5311d6ad2243eaa1a103ffee68ecb77318fba7a69fbaf9e1b30d566028c0909ea0ff68

Note: the hashes above identify the 75KB object that was submitted; the 52KB swift_5466535-9868655_45456.xlsx that was actually detonated has its own hashes under Targets below. Pivot on the Targets hashes when hunting for the document itself.
Static task: static1

Behavioral task: behavioral1
Sample: swift_5466535-9868655_45456.xlsx
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: swift_5466535-9868655_45456.xlsx
Resource: win10v2004-20220414-en
Malware Config

Extracted
Family: xloader
Version: 2.5
Campaign ID: r87g
Domains (Xloader embeds a list of decoy domains alongside the live C2, so treat every entry below as an indicator to hunt on rather than as confirmed active infrastructure):
gzjyjzsj.com
rapibest.com
affordablebathroomsbyfrank.net
roboruben.com
xn--dlisucr-byag.com
encoreasso.com
piscire.com
dixiebusybee.com
newrome.xyz
sunshinejon.com
glacierforfcs.xyz
borhanmarket.com
tous-des-cons.club
hsfstea.com
spiniform.info
vaicomfibra.com
shinigami.xyz
kryptoindia.com
listentoappetite.com
securepplpay.com
savannabrazell.com
dallascowboysticket.online
lemuria4.online
pakistaninusa.com
realdigitaldivide.com
nameandlikenesslabs.com
icris2021.com
amorporlaropa.com
xgirlstar.com
localhuktoyof6.xyz
about-times.xyz
withvertex.com
newtajmahalfashion.xyz
myapple3.com
sjitcom.com
shemanifesteverything.com
nft2yuan.com
misfitlamps.com
nordicautoparts.net
precisecleanteam.com
unmoro.com
gh-michikusa.com
usbgdt.net
ordt.xyz
hcaptchabypass.com
samedaycash.loan
lavistacaffe.com
alicekay.online
aceproservices.net
androidapdate.com
kredsen.website
southwinds-kolkata.com
069superbetin.com
adorablymeboutique.store
xbet973.com
xn--czrr40i.xn--io0a7i
shadow-marketing.com
license-plate-find.online
wwwoneparkfinancial.com
milehighrenewals.com
scyxmq.com
mbdeyren.com
nottryingdoing.com
homesandhorse.com
stpaulsschoolbagidora.com
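As an added example that is not part of the sandbox report, the following script matches the extracted r87g domain list against DNS-style query logs. It does label-aligned suffix matching (so a query for www.gzjyjzsj.com hits gzjyjzsj.com but notgzjyjzsj.com does not), normalises case, trailing dots and Unicode labels to the ACE (xn--) form used in the config, and keeps the two SHA256 values from the report as file indicators. The domain set is a subset of the list above (extend it with the full list), the log format and the log lines are constructed for the example, and every hit is a triage lead, not proof of a callback, because most entries in an Xloader config are decoys.

```python
import re
from typing import List, Optional, NamedTuple

# Subset of the domains extracted from the Xloader 2.5 / r87g config above.
# Extend with the full list from the report; keep lowercase, ACE (xn--) form.
XLOADER_R87G_DOMAINS = frozenset({
    "gzjyjzsj.com",
    "rapibest.com",
    "xn--dlisucr-byag.com",
    "hcaptchabypass.com",
    "androidapdate.com",
    "xn--czrr40i.xn--io0a7i",
    "stpaulsschoolbagidora.com",
})

# SHA256 values from the report: the submitted object and the detonated .xlsx.
XLOADER_R87G_SHA256 = frozenset({
    "616002c7b51a2776782788b5b4dade1dddf4bc3d1be684fd92f6e9b0f7368576",
    "18b9c1cf9230f3c1d68056d6c17e050548ab2d62e545ba3063bb03777383e9bf",
})

# Constructed log format (assumption): "<ts> client=<ip> query=<name> type=<rr>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+client=(?P<client>\S+)\s+query=(?P<query>\S+)\s+type=(?P<rr>\S+)$"
)


class Hit(NamedTuple):
    ts: str
    client: str
    query: str
    indicator: str  # the configured domain that matched


def normalize(name: str) -> str:
    """Lowercase, drop a trailing dot, and IDNA-encode any Unicode labels so a
    logged name compares equal to the ACE form stored in the config. Labels
    that are already ASCII (including xn-- labels) pass through unchanged."""
    name = name.strip().rstrip(".").lower()
    try:
        return name.encode("idna").decode("ascii")
    except UnicodeError:
        return name  # leave odd names as-is rather than dropping the line


def match_domain(query: str) -> Optional[str]:
    """Return the configured domain equal to `query` or a parent of it, or
    None. Matching is label-aligned: 'notgzjyjzsj.com' is not a hit."""
    labels = normalize(query).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in XLOADER_R87G_DOMAINS:
            return candidate
    return None


def known_sample(sha256: str) -> bool:
    """True if the digest is one of the two files named in the report."""
    return sha256.strip().lower() in XLOADER_R87G_SHA256


def scan(lines: List[str]) -> List[Hit]:
    """Run the domain indicators over log lines; unparsable lines are skipped
    so one bad record does not abort the sweep."""
    hits: List[Hit] = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        indicator = match_domain(m["query"])
        if indicator:
            hits.append(Hit(m["ts"], m["client"], m["query"], indicator))
    return hits


# Constructed sample log lines (not from the report).
SAMPLE_LOG = [
    "2022-06-21T10:13:02Z client=10.0.0.15 query=www.gzjyjzsj.com type=A",
    "2022-06-21T10:13:05Z client=10.0.0.15 query=updates.example.org type=A",
    "2022-06-21T10:13:09Z client=10.0.0.22 query=Xn--DLISUCR-byag.com. type=A",
    "2022-06-21T10:13:11Z client=10.0.0.22 query=notgzjyjzsj.com type=A",
    "malformed line that the parser should skip",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit.ts} {hit.client} queried {hit.query} -> matches {hit.indicator}")
```

Feed real resolver or proxy logs through `scan` by adjusting `LOG_RE` to the local format; the suffix matching and normalisation are what matter, since a sandbox-extracted list in ACE form will otherwise miss mixed-case or Unicode-logged queries.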
Targets

Target: swift_5466535-9868655_45456.xlsx
Size: 52KB
MD5: a96ddbe347e32231c69661c2378b6f8f
SHA1: 08121d6e2283c1369fc68c5a16570286895d5df0
SHA256: 18b9c1cf9230f3c1d68056d6c17e050548ab2d62e545ba3063bb03777383e9bf
SHA512: 8a61b2452671b8e2a54bf968360f5a377ecfef798a634463cdf7e9102980a339409c19b0f9e386b111007a6581e851556d0b150e44725aa23c1fcdf22e20fa86
Suricata alerts
- ET MALWARE FormBook CnC Checkin (GET)
- ET MALWARE MSIL/GenKryptik.FQRH Download Request
- ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Signatures
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Drops file in System32 directory
- Suspicious use of SetThreadContext