General
Target: 4b576304c3e8983c8ac3e54b7a336dc1
Size: 197KB
Sample: 220621-rnns9sdhgr
MD5: 4b576304c3e8983c8ac3e54b7a336dc1
SHA1: c58b1c8ab2ff3b62644452d9e7a476dd4ffab91d
SHA256: e06c6c7f4d448ed82f1f1e98783a9901895a4013d554be9effd743d04b653518
SHA512: bfb6aaa101c6f0ba61bc11cf2a2bbecb1eb0054e3ba6050b7fa2b74d01c576d5c86e8a952b6716d3f9ea028b12730468c80ed2153401295e3737790f8a5f3cef
Static task: static1
Behavioral task: behavioral1
Sample: Doc202206201627.xlsx
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Doc202206201627.xlsx
Resource: win10v2004-20220414-en
Behavioral task: behavioral3
Sample: Inv202206201625.xlsx
Resource: win7-20220414-en
Behavioral task: behavioral4
Sample: Inv202206201625.xlsx
Resource: win10v2004-20220414-en
Malware Config
Extracted: xloader 2.6 gd9m
Extracted: formbook 4.1 p94r
Targets
Target: Doc202206201627.xlsx
Size: 71KB
MD5: 1d82383a97676c0119586294847d72c4
SHA1: e235ee979b771fc57a1591c3937964e8737e6522
SHA256: 4a484a5d70b16a279ea706a537405a9163c26fb4fdb73ffe894ba0f424e57277
SHA512: 0c92bdc7e80795bbf967d49238625bee28d47b43cfc8ac266e4becc6a71f6d8dd541e40e3b776ff9b22f4fdcb096c6ed18b35755af96a5a9d015eda68ff26799
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE MSIL/GenKryptik.FQRH Download Request
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
Target: Inv202206201625.xlsx
Size: 71KB
MD5: 02c755a3861024c1e79118b9159c9054
SHA1: a3b7119231700859502b6254b9a12cfe75daf99f
SHA256: effb514af6cb0ff5315d92b990dc6e4727a2798349020a5c88b040b2f84bb849
SHA512: 1b4f4c07c91937c656c453f09a447b8fc70d981b7fed91e5001185b0b61d1b29eefc651d587031e99d8d2ca825eb9ff0c7906f99fcb5fb4aa6b776f91cd670aa
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE MSIL/GenKryptik.FQRH Download Request
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Formbook Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext