General
-
Target
P-009878 PROJECT PROPOSAL.xlsx
-
Size
177KB
-
Sample
220705-pffrksahe6
-
MD5
c69c359c21740d608e1bb353f3617201
-
SHA1
dd076a4f5157998a66b858a69790445205814caa
-
SHA256
f856775311b5f946c55d9aa95fc9e2b1b179fa965af1086ec227df0fa9fed250
-
SHA512
d1ba49fbca0fdbd028e80eb0f5ec7ac2f1d7350a28d4a6b1b7fc77af1fde373d85ebd530155d3f67923aca2aa8cd82fc5c0bdc96e55abd57a34a432f10cf4ed6
Static task
static1
Behavioral task
behavioral1
Sample
P-009878 PROJECT PROPOSAL.xlsx
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
P-009878 PROJECT PROPOSAL.xlsx
Resource
win10v2004-20220414-en
Malware Config
Extracted
xloader
2.9
wfc6
FPF0BDtsP/0Z3N3EpIfSsQ==
wZbFgKkm5jUpFbB+GQ==
I/oJ0Jcb+eoMqQ==
w7zarxxnPcIgupA=
63SbUimyWalvjfJdRb9U
igCt44uCBYeAugeiTMZW
ZHJ4C8BlAvVDAIRo
XJUEKbSv5SVkKdCoWvkuKiQ=
TDPHixX7VMIgupA=
Xt5NdBkHqXeYgHtS6Lik7Sw=
rJKZiOi3mIr7iH5dEQ==
wbheFmd7+XMkt7KALN8A2NcT+npeUP+g
xqk06+lXAT3bemE847ik7Sw=
YS7SndCMWuCAFbB+GQ==
tJ4lxa1kPUfSZ4UiujZGLCQ=
j8gSmNPGzqe6
iQORUvIx0N1glkfomjmZCzmGPbKE/A==
dlD3cvHVcUBqgNrHpIfSsQ==
Sk9cCV2WvRkavg==
70RVeKQWsgOZMyf+0g0zKyM=
ohA2+Np+OXsEkI9kEcH18SFl14w=
ST7zr+vrjluKY0044qtjpaActyK9
CXijyOBe299npm3+ozM=
tphA7dOGMwEL+E4g/LbEqA==
wZY0YPg56DPTpVAowDs=
lGgNzOJX9yWTNZJx
IukdRenq0udDAIRo
/v2eVZ/MuMJDdtCjO7pJmVRGDftzvas62w==
feXz+6MdJRoTzIc=
X1gMxLgjzQqpQh37n0qlSXq5
bvYhjGIj+eoMqQ==
JnygzOBS4RoTzIc=
aE5SgJwPjJMaX+LFadoOYaArpJmB9ps=
ZVoMNsGzYh4uFbB+GQ==
Y/h4es8mfMIgupA=
5LY/YvHhvRkavg==
X9jXctO6Rd0BHIRTCp9Asnl/h7heUP+g
d9naXx+nRMIgupA=
ZEbgr2pZMCg5Kphx
8Fhj8rA21BCbyA6tjcV5uQ==
mZAZqt/JZStIYMZdRb9U
VU1PAFiTvRkavg==
d8b+wmHKSk3UFZ5zCY95/DM=
mJKsYw+CInX2XW3+ozM=
nOcOwY8W+eoMqQ==
4tyXN3eC9m8RnZFiC7v38SFl14w=
CYB9GOdpC1YDULZdRb9U
vCtZAF6ROnP6g4JS47ik7Sw=
qn4l0rBZCNb49n1A4rik7Sw=
8jY5Oo2TMPEYScRdRb9U
uLhFDueWOXGt
cPqn2X1t8bDiAHBC4FelSXq5
RC5DCM9m6vyHvkgZtU01q04hqs5v8A==
Lg22bRP9zNJG30QOwll3qyFl14w=
9PLzES2aQZcTfVoz4bik7Sw=
LaLYmAfLUFr4ULpdRb9U
+3D9DY7joOWGGQTqmkqlSXq5
v4VAbfsSO/JDAIRo
Pkbwmo1bGvRDAIRo
bMTnAuajbyg18OfCpIfSsQ==
XqzQnn/+pQGhCdu2YRRQoCFl14w=
aWd4kIAzHy2TNZJx
mY5/lIo95Zu4Y0rXud+C8TU=
8AAvYXM4BuUB5D0q/LbEqA==
ssdunlimited.com
Targets
-
-
Target
P-009878 PROJECT PROPOSAL.xlsx
-
Size
177KB
-
MD5
c69c359c21740d608e1bb353f3617201
-
SHA1
dd076a4f5157998a66b858a69790445205814caa
-
SHA256
f856775311b5f946c55d9aa95fc9e2b1b179fa965af1086ec227df0fa9fed250
-
SHA512
d1ba49fbca0fdbd028e80eb0f5ec7ac2f1d7350a28d4a6b1b7fc77af1fde373d85ebd530155d3f67923aca2aa8cd82fc5c0bdc96e55abd57a34a432f10cf4ed6
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE MSIL/GenKryptik.FQRH Download Request
suricata: ET MALWARE MSIL/GenKryptik.FQRH Download Request
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-