General
Target: 963160d26142b6474f438817ec48eb78
Size: 126KB
Sample: 220621-rnv8cadhhm
MD5: 963160d26142b6474f438817ec48eb78
SHA1: 52fc1fa9c7583c82ad9cd490cddd3d952707fd06
SHA256: af72242806490ba1f281a4c443c8441e50347f1792fb72bc6ac522d510356b1b
SHA512: c3cef3309e39d2d8a2b8e729959e50a5f18444eabe59570dab1c70fc09f12308423f9fa92a2fd8bca9ba6e4798d2d960c266249b80b95e6ebaf3db783ffca5bb
Static task: static1
Behavioral task: behavioral1, sample CRT CO.doc, resource win7-20220414-en
Behavioral task: behavioral2, sample CRT CO.doc, resource win10v2004-20220414-en
Behavioral task: behavioral3, sample decrypted.xlsx, resource win7-20220414-en
Behavioral task: behavioral4, sample decrypted.xlsx, resource win10v2004-20220414-en
Malware Config
Extracted
Family: xloader
Version: 2.6
Campaign: vweq
Domains (extracted C2 list):
malang-media.com
mrsfence.com
lubetops.com
aitimedia.net
montecryptocapital.com
ahwmedia.com
bvmnc.site
bggearstore.com
bcsantacoloma.online
alltimephotography.com
santacruz-roofings.com
leaplifestyleenterprises.com
censovet.com
similkameenfarms.com
undisclosed.email
thetrinityco.com
rapiturs.com
jedlersdorf.info
mh7jk12e.xyz
flygurlblogwordpress.com
goodbaddesign.com
equipmentrentalpartyplus.com
ohyoutube.com
projetoarvore.com
2379.flights
implemedescribed.com
kreasinesia.com
ownitoffice.com
fortekofteacizyemeknerde.store
my-wh-webproject.com
518499.com
naples-us.com
tlrohio.com
kanchava.com
lcloudfindin.com
cybermatrix.tech
i6lqi.xyz
ebay-online-selling-24.com
afrisectelecoms.com
tiantian997.xyz
strategyvenues.com
marketnear.watch
thebrooklynyogi.com
sonikbuilder.online
voyagesconsulting.com
ledgel0ungers.com
youhadtobethere.biz
disabled-long.com
dental-implants-encounter.life
zydssq.com
livingwell.green
doumao334.xyz
moodysoot.online
licos.xyz
maqitashop.com
doroos.online
laikemiao.com
petrolverse.xyz
apostolicpraise.net
todaychance.com
helightville.com
st-john-fisher-school.com
agwly.com
dashop.pro
zxc3426.xyz
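The extracted config above is the part of this report that turns directly into detection content. The block below is an added example, not part of the report and not the sandbox's own code: it takes the family, version and campaign ID together with a constructed subset of the listed domains, validates each entry so nothing unsafe reaches a rule body, and emits one Suricata DNS-query rule per domain plus a defanged IOC record. XLoader/Formbook configs carry decoy domains alongside the live C2, and several entries here (undisclosed.email, for one) are ordinary sites, so these rules are meant to alert for correlation against the sandbox's own network capture, not to block. Suricata 6+ keyword syntax (dns.query, dotprefix, endswith) and a private sid range starting at 1000001 are assumptions of the example.

```python
import json
import re

# Constructed subset of the domains in the extracted xloader 2.6 config above
# (campaign "vweq"); the report lists many more. Replace with the full list.
CONFIG = {
    "family": "xloader",
    "version": "2.6",
    "campaign": "vweq",
    "sample_sha256": "af72242806490ba1f281a4c443c8441e50347f1792fb72bc6ac522d510356b1b",
    "domains": [
        "malang-media.com",
        "mrsfence.com",
        "undisclosed.email",
        "ledgel0ungers.com",
        "2379.flights",
        "zxc3426.xyz",
    ],
}

# Plain hostnames only: anything else (quotes, semicolons, pipes, spaces) could
# alter the meaning of the rule body it is interpolated into.
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
    r"(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)+$"
)


def normalize_domains(domains):
    """Lowercase, trim, drop the trailing dot, reject non-hostnames, de-duplicate in order."""
    seen, out = set(), []
    for d in domains:
        d = d.strip().lower().rstrip(".")
        if d in seen or not HOSTNAME.match(d):
            continue
        seen.add(d)
        out.append(d)
    return out


def defang(domain):
    return domain.replace(".", "[.]")


def suricata_dns_rules(cfg, base_sid=1000001):
    """One DNS-query alert per config domain.

    Assumes Suricata 6+ syntax: dns.query sticky buffer, dotprefix transform
    and endswith, so ".example.com" matches example.com and its subdomains but
    not notexample.com. sid values are taken from the private range (assumption).
    """
    rules = []
    for i, d in enumerate(normalize_domains(cfg["domains"])):
        msg = (f"MALWARE {cfg['family']} {cfg['version']} "
               f"campaign {cfg['campaign']} config domain {d}")
        rules.append(
            "alert dns $HOME_NET any -> any any ("
            f'msg:"{msg}"; dns.query; dotprefix; content:".{d}"; nocase; endswith; '
            f"classtype:trojan-activity; sid:{base_sid + i}; rev:1;)"
        )
    return rules


def ioc_bundle(cfg):
    """Defanged, JSON-serialisable record for a watchlist or for sharing."""
    return {
        "family": cfg["family"],
        "version": cfg["version"],
        "campaign": cfg["campaign"],
        "sample_sha256": cfg["sample_sha256"],
        "domains": [defang(d) for d in normalize_domains(cfg["domains"])],
    }


if __name__ == "__main__":
    print("\n".join(suricata_dns_rules(CONFIG)))
    print(json.dumps(ioc_bundle(CONFIG), indent=2))
```

Running the file prints the rules followed by the JSON record. The validation step matters more than it looks: a config extractor can emit strings with stray characters, and an unescaped quote or semicolon inside a content: match silently changes what the rule does.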
Targets

Target: CRT CO.,LTD 询价 22E000300.xlsx
(name as carried in the report: CRT CO.,=?UTF-8?B?TFREIOivouS7tyAyMkUwMDAzMDAueGxzeA==?=; the RFC 2047 encoded-word decodes to "LTD 询价 22E000300.xlsx", where 询价 means "price inquiry")
Size: 79KB
MD5: dd46ed89d3a3980b0bc2777d4add5ccc
SHA1: 1a2f9c8cccc09cded5d37dfa2b0d036c2c9c1aa6
SHA256: 15aef9c8fb1a266c387dcfa0c8f432b869f6ec38bf0cbc32a0c4165342a2f122
SHA512: bbd3d46cff7b697035486ae1faff7294fbd59e3619fcb716d792c53913514be398c740271a4ae5c21aedba74daed1f3db8b10c4df6eb23be08c647e46d64dc2a
Score: 1/10
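The attachment name of this target is carried as an RFC 2047 encoded-word, the behavioral tasks ran the submission under the name CRT CO.doc, and a second target is named decrypted.xlsx. The Python below is an added example, not part of the report: it decodes the encoded-word while keeping the surrounding text byte-exact, pulls out the trailing extension chain, and classifies the file container from its magic bytes, so that an .xlsx name sitting on an OLE/CFB container (which is what both a legacy binary workbook and a password-protected OOXML package look like) is flagged for a closer look. The header bytes in the block are constructed stand-ins, not the sample's bytes.

```python
from __future__ import annotations

import base64
import quopri
import re
import unicodedata

# RFC 2047 encoded-word: =?charset?B|Q?payload?=
ENCODED_WORD = re.compile(r"=\?([^?]+)\?([bBqQ])\?([^?]*)\?=")
# Trailing chain of extension-like tokens: "a.pdf.exe" -> ['.pdf', '.exe'];
# a dot followed by punctuation (as in "CO.,LTD") is not an extension.
EXT_CHAIN = re.compile(r"\.([a-z0-9]{1,5})(?=\.|$)")

# Magic bytes of the two Office container formats.
OLE_CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls; also encrypted OOXML
ZIP_MAGIC = b"PK\x03\x04"                            # OOXML (.docx/.xlsx/.pptx) is a zip

EXPECTED_CONTAINER = {
    ".doc": "ole-cfb", ".xls": "ole-cfb", ".ppt": "ole-cfb",
    ".docx": "zip-ooxml", ".docm": "zip-ooxml",
    ".xlsx": "zip-ooxml", ".xlsm": "zip-ooxml", ".pptx": "zip-ooxml",
}
OOXML_EXTS = {".docx", ".docm", ".xlsx", ".xlsm", ".pptx"}


def decode_encoded_words(raw: str) -> str:
    """Decode each RFC 2047 encoded-word in place; text around it is kept byte-exact."""
    def repl(m: re.Match) -> str:
        charset, enc, payload = m.group(1), m.group(2).upper(), m.group(3)
        if enc == "B":
            data = base64.b64decode(payload)
        else:  # Q encoding: =XX hex bytes, '_' stands for a space
            data = quopri.decodestring(payload.encode("ascii"), header=True)
        return data.decode(charset, errors="replace")
    return ENCODED_WORD.sub(repl, raw)


def extensions(name: str) -> list[str]:
    return ["." + e for e in EXT_CHAIN.findall(name.lower())]


def name_warnings(name: str) -> list[str]:
    """Name-level red flags: format characters (e.g. RTL override) and stacked extensions."""
    warnings = []
    if any(unicodedata.category(ch) == "Cf" for ch in name):
        warnings.append("contains Unicode format characters")
    exts = extensions(name)
    if len(exts) > 1:
        warnings.append("multiple extensions: " + "".join(exts))
    return warnings


def classify_container(head: bytes) -> str:
    """Container type from the first bytes of the file."""
    if head.startswith(OLE_CFB_MAGIC):
        return "ole-cfb"
    if head.startswith(ZIP_MAGIC):
        return "zip-ooxml"
    return "unknown"


def extension_matches_container(name: str, container: str) -> bool:
    exts = extensions(name)
    return bool(exts) and EXPECTED_CONTAINER.get(exts[-1]) == container


def triage_attachment(raw_name: str, head: bytes) -> dict:
    """Decoded name, container type, mismatch verdict and warnings in one record."""
    name = decode_encoded_words(raw_name)
    container = classify_container(head)
    exts = extensions(name)
    warnings = name_warnings(name)
    if exts and exts[-1] in OOXML_EXTS and container == "ole-cfb":
        # A password-protected OOXML package is stored inside a CFB container,
        # which is also what a legacy binary Office file looks like.
        warnings.append("OOXML extension on an OLE/CFB container: "
                        "legacy binary file or encrypted OOXML package")
    return {
        "name": name,
        "extensions": exts,
        "container": container,
        "extension_matches": extension_matches_container(name, container),
        "warnings": warnings,
    }


if __name__ == "__main__":
    # Constructed header bytes standing in for a file's first 32 bytes; not the sample's.
    constructed_cfb_head = OLE_CFB_MAGIC + b"\x00" * 24
    raw = "CRT CO.,=?UTF-8?B?TFREIOivouS7tyAyMkUwMDAzMDAueGxzeA==?="
    print(triage_attachment(raw, constructed_cfb_head))
```

Read the first bytes of the real file with `open(path, "rb").read(32)` and pass them as `head`; the record then tells you in one place what the mail client would have displayed, what the bytes actually are, and whether the two agree.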

Target: decrypted
Size: 74KB
MD5: d6292ede597ee252272ff26b3b0921ee
SHA1: c30df83b8ff4b9d170e317f77f5f11256400d7f3
SHA256: cca88d823b05ff47e9bc7c2d98e4f4d7f7bb31f913edc35cf2a6b5b067a1a2fa
SHA512: ad707c06b15c4f7943300cbc6047fa9bb886241a36c801ac5c443bc88b28552891380f916b9e56dd14b1591e1d71060f69719feddb37d7a2f5df1416b70f9911
Signatures:
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext