General
Target: c5c4e5799564f3b661689ad1469c1d2b
Size: 139KB
Sample: 220621-rrdsgagch8
MD5: c5c4e5799564f3b661689ad1469c1d2b
SHA1: c515a5050b6dd22d15cb7bf707d831b3b39687f6
SHA256: 63652138daf8365f6dab21d26a3d7f6286544087760a8f60a66fd98fee63d362
SHA512: 66e0524178ee8cc608fe9b17c153b0d2f108ce4276e1d2f5d21a96cdd1dc2056a477da13ac1e4b9ede4e4572190972a555138ef1e81bf6c60d338c8b2d9fda17
Static task: static1
Behavioral task: behavioral1
  Sample: certifikat dobavnice 5538.xlsx
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: certifikat dobavnice 5538.xlsx
  Resource: win10v2004-20220414-en
Malware Config
Extracted
  Family: xloader
  Version: 2.6
  Campaign: oecd
Targets
Target: certifikat dobavnice 5538.xlsx
Size: 71KB
MD5: e8e6db5a344b2a76274672464cd74633
SHA1: b3cc85b851ef064f85ec1b650e6a58ed38b395b4
SHA256: cd71adf7e4f77092fc252b2f26e77e95617fd71de9077182f07b54c2ddaef39b
SHA512: c3769bbcf1da3dbf69af45b426b7509ae734ea41421c486aa6dbb0263c7d861850a4e02c95bd8346ba6b82166e33c1b59f4713046216b376dfe8f101a0226154
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext