General
-
Target
Quote. pdf......................................gz
-
Size
189KB
-
Sample
220626-x3r25aeba9
-
MD5
1ade9d3347a4bb8820eabb5c119c6f24
-
SHA1
2beb84b0bb322c7c351c69862a957d754bc2cbbf
-
SHA256
e058bf557fa6f5e4bfa9b54e3c75b9ae8e1d54c21a88808ccbc2643ace526300
-
SHA512
726505566ca6b2d272a5c2504ceb4748a0a11ef7d7f3ef1e440b043b806795afef03104503c9d4b9aba0c4200d5340cdabb95e31446d42dfa62146ac601c9554
Static task
static1
Behavioral task
behavioral1
Sample
Quote.js
Resource
win7-20220414-en
Malware Config
Targets
-
Target
Quote.js
-
Size
333KB
-
MD5
975684a4e4f41819184343aad1824ed8
-
SHA1
3292e50015630dc896151bafb32049a6521f062d
-
SHA256
7e99192187bcad849b96bc9cd69254a2e68fef8ad1c73df7a410ba90ef2b898a
-
SHA512
3c1ebcd24d0305e1685015acf61744f8c8766154309955899309f7bdb7e6c82004201e554aa6f59a68d5c208391478022d4192f8c05631bea64c3e252b26cf11
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
Xloader Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext