General
- Target: 4ace262872d1fbbba4ecafabf1a256d6
- Size: 98KB
- Sample: 220621-rreprsgch9
- MD5: 4ace262872d1fbbba4ecafabf1a256d6
- SHA1: d2dae88218ec0ceba90c703af1236c260b0b78bd
- SHA256: e79c14b37f3bae66bac8eb5c7ea6aafa601c6b4fc33e151ff00fb80341dacfb0
- SHA512: bdc510a545dd1f7623607438e39fcd9a62748bff4585f86132a4e8bfac2c65f0de3c524d2cd8da4239f6b0e885a3bc2ab572e2abe95a6196408381c20431fb8c
Static task: static1
Behavioral task: behavioral1
- Sample: Purchase order.xlsx
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Purchase order.xlsx
- Resource: win10v2004-20220414-en
Malware Config
Targets
- Target: Purchase order.xlsx
- Size: 71KB
- MD5: 62e0d75168635953e8f6ec3676e5ee5e
- SHA1: e0d80f2d4c6f91171a42acaad942377413ad8e49
- SHA256: 14b387257fae52d4311292395c98846292179cc26d29a5865b1e702dbafc781f
- SHA512: 38993dc8dd600cdcca2703d3294b70a4cadd76334af07486d6a904dcaf4b89ca8d40e6ed64d154d6fc4bf98e1daaf07b29a2c52c80603195f9815ba719ab023b
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext