General
-
Target
SGLN22060220.xlsx
-
Size
79KB
-
Sample
220622-sbk3aahdcj
-
MD5
57efdb5c07a2948e09c3535d3b91fc72
-
SHA1
974c2be9ff6499240c09b570e759e17b83061c68
-
SHA256
a5985216525198346400da43be15f61b3ef5fcb784d6ebd43ddfc9e269704a68
-
SHA512
e19b817387f494bea3a879e1d19a63d9a605e8d38f75e0650c64a389f78aca05245a5fdfe28f823b41439be6eabfbffcc7a5adbeeaea26bbd71b78a56135918f
Static task
static1
Behavioral task
behavioral1
Sample
SGLN22060220.xlsx
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
SGLN22060220.xlsx
Resource
win10v2004-20220414-en
Malware Config
Extracted
xloader
2.6
tn61
ryliehorrall.art
mesdco.net
street-art-ink.com
sepetcin.com
stilghar.com
hawaiipooltiles.com
fuerst-von-falkennest.com
totalvirtue.com
xdk0blc0tqy6a7.life
zootowngravel.com
kreditkarten-optionde.com
6888tlbb.xyz
albertakleekai.com
travelnurseinfofinder3.life
valleyinnswat.com
secure-remove-devices.com
digitalswamy.com
www112casinova.com
medifasttrd.com
distritoxermar.com
ebwagner.com
biworker.com
0571kt.net
mjuelaw.com
buildlimitlesswealth.com
wbclips.com
session.care
museatthemill.com
pjhxsl.com
momentums6.com
electricbike.energy
accommodations.network
libroskolibris.com
sejintech.net
parkchestergardens.info
gndgame.info
arcwarp.com
aboveallonline.com
dinotacker.com
ufc188livestreamfree.com
saulomar.com
atmworldexpo.com
chooox.com
admissium.com
dacdem.com
oneruk-chandeliercleaning.com
oyster-iot.cloud
mutinybrewworks.com
yaoih.com
dmitchellpropertiesllc.com
nuoicaymosaigon.com
peacockgotv.com
nextr.xyz
bidvastil.com
shahanhan.com
goodlordy.net
banlyeojob.com
tasteatlus.com
ecotone-os.xyz
urbanartco.com
drecibo.com
davegwatkin.com
pharmiva.net
accordingtopreston.com
blizzardboy.net
Targets
-
-
Target
SGLN22060220.xlsx
-
Size
79KB
-
MD5
57efdb5c07a2948e09c3535d3b91fc72
-
SHA1
974c2be9ff6499240c09b570e759e17b83061c68
-
SHA256
a5985216525198346400da43be15f61b3ef5fcb784d6ebd43ddfc9e269704a68
-
SHA512
e19b817387f494bea3a879e1d19a63d9a605e8d38f75e0650c64a389f78aca05245a5fdfe28f823b41439be6eabfbffcc7a5adbeeaea26bbd71b78a56135918f
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-