General
-
Target
83d9be0129bf628fd4ad7f850492bf91
-
Size
41KB
-
Sample
220629-faqvxsgea6
-
MD5
83d9be0129bf628fd4ad7f850492bf91
-
SHA1
9e6ed913a0bd0d04e40135d12e881e4206bcc8da
-
SHA256
773d63cc0b845b296feaf691024acd91d88ca60bea5be91e9c3d83f23c840e22
-
SHA512
d4c1083a398b682ea5b22721f92be7b552477b41f1004a4fe498325016e581a33179fb6c71ccbdaa62a211f6e7ce25780944318c3b798533041b8a636f7fedbe
Static task
static1
Behavioral task
behavioral1
Sample
FACTURA.xlsx
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
FACTURA.xlsx
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
decrypted.xlsx
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
decrypted.xlsx
Resource
win10v2004-20220414-en
Malware Config
Extracted
xloader
2.8
nn40
LYAg0yANOGEAGeaFOrA/
MQWuERZplP+VZy/uszI=
CF0oDN0JimIaGy/uszI=
ltJnyC+ReohYaiTvj1qbEA==
B9OkgdctVKBAFjSUaw==
sbDVwSZVVqVB11/deow8GA==
v1gHDe0pzno=
i+/0n2vHUfGPR98k77tukZ90MQ==
SUtCnbS96Qm21g==
8X9qzyt1dpAo31jXrXfKb49fBPY=
5KlPxqHzSstuFjSUaw==
0r/Kesv/zuanroxvNQW0Gm8=
FFgS7kfPYAqpdhhgRgnBJHY=
LgusAHrkrIoWr0FWIe2o/04UXPw=
vBq9Gvxa9wbKbS/uszI=
Z+q6HAZNNeqwwQ==
wbS4fMb06SjU5Kbseow8GA==
1mZEuZvJ/m0L9bof56PkkZ90MQ==
JCJIM74lHk/o+tiFOrA/
d14FrM8rGEgIzVkT67+3XaEh
OtJqJTaZyD/bgy/uszI=
MMzqpo3pVjbaigine/p4W6dqZPJKkg==
LRS4MpnBeVxC/bqjf0kMBGop69QC
7FTxgWaTLAKbm3B0QgW0Gm8=
hjbYktAyum2JNK6N
WRtxyNlENeqwwQ==
MTOKH+0pzno=
8LkJ8EsWWHIK
zs758oMTaffAxI0bn2uqFw==
ariAXDqMsKpwF5U=
UEZOAmXFnpRh+rqD
T5e5xzlTNeqwwQ==
tp424+UDomI=
Y7VXD+I8CKVuDZQ=
zg6qeGbHO1F+FjSUaw==
JPypEB2CuDAz+bXSrjo=
8ah8cf5odcPNS+Sa
k+CGNhyOMKVuDZQ=
oVviitkD8B7ZmijeyIDFOI9nZPJKkg==
TtztqHfKKqQWuVRvT9fSSpJJmAFYLjw=
p6pvJHfZmJgx6XwYuL56b798MA==
WWmegczy4x2O+cIC27RtkZ90MQ==
/QrLiDyde3RJWRwRmWYo
PtShJAZG1WU6LP3osjo=
ZTrOf2PMho1kdm/JtSU=
A1ssC+pS8dvNS+Sa
K4g38tVda8DNS+Sa
Dz7fj13DnKh1iV8++X2H8Fbeq1jBGh4D
0AjPwNQtnWUEpDBAJbq9GG8p69QC
ALhKrIu7/5BTRf1OQAW0Gm8=
a5Zp3GrGWhzmrBYRmWYo
dwzcQzpnYYAi8G7eypfSS6d3oWmQnQ==
VR3AHfcDyG79m6bm0YnEOEBS/fQ=
pyZFKiWXNaVuDZQ=
dzf0zzBlYaqLFjSUaw==
D6TIj16hJ8JhJMom8rlxkZ90MQ==
8qkyvpp56Qm21g==
4qNmKHymVg3Bx4M=
MOiH6DRYhutyFjSUaw==
JqTDnm+zOQLV+83Ucm9GDw==
YQilIAQqUM5vFjSUaw==
84U/nbvTQwzcyQ==
mC34kB9LdeJuFjSUaw==
DKLKrbwuuWyJNK6N
thisismyhomevalue.com
Targets
-
-
Target
FACTURA.xlsx
-
Size
21KB
-
MD5
2b5cfba8b8a8163b8ad47898320781e5
-
SHA1
4bc6411ac41d9d16745c52d9813fcafff0ce203d
-
SHA256
b80d9442af9aa6731ff5ec5b3348361ea10b52e37bea9a07cb50b33b99dcf3ea
-
SHA512
d38bd4957c72e40dd7ae4b46a5036586e54db554f32817c03c012f745044e98a0eea88e3f741f6bbffd95fde97a807805770ba71603c232000ada5c61fd257f3
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-
-
-
Target
decrypted
-
Size
17KB
-
MD5
6c484d1c49dbcffb13cdea1076e41013
-
SHA1
d9e69e6cd9db79fb4282b6fd3dc66eec1f0802bc
-
SHA256
b270f4d3e32e80cf84f8e45ac716645ec4ca2106734451d62b70260e1edac710
-
SHA512
775ed0832f9f8a2f464e13b5e2e10ada52c465756c859065e63686a13f1230cb00894ff0120de09e4b130d5471e6b5843ee280ba66cc880b8a03f9f3c2edb3a3
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-