General
Target: INVOICE xlsx.exe
Size: 661KB
Sample: 220707-e1yg1sfbg7
MD5: c3d9581dfe9bc99d5999828f4177b264
SHA1: 42f526e8bcae0f3e6404e9bed89431cd6b5c9fa4
SHA256: b88777182ffbc0f28b68902a00f0b8a51b8dee4ef0104720a9ca92e18d920d81
SHA512: d0c71bbc6b363cda4f2e686eb40e8b3295e7f6a43d42aaeecc5a99a64a7960a5d2594733af336aca1dd1204d2abec3f9311ccbb4db53894c95c818bc21248671
Static task: static1
Behavioral task: behavioral1
Sample: INVOICE xlsx.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: xloader
Version: 2.6
Campaign: t20a
Domains (an Xloader/FormBook config mixes the live C2 with decoy domains and the sample beacons to several of them per run, so treat the whole list as indicators rather than trying to pick out the real C2 by hand):
ovewaci.com
explorebantentravel.com
productdesigninfo.com
harlis-kapitol.com
amishaentertainment.com
lauraheagy.com
sjg-central.xyz
amberdreamscattery.com
4848caomm2.com
a1brts.com
americareambulance.com
geekplusrobots.com
wiggitywack.com
baileyit.com
1dayshade.com
dergburo.com
aljeb.com
winnerisserved.com
safetyutilityeng.com
pchconsumerwinneralert.com
graphicartaward.com
evantox.com
apjiuyun.com
rwc2027.net
365max1.com
congfujk.com
ionutmuresan.com
apartpay.site
best-tools.info
luxerealty.info
wendelcomqanies.com
moyulianmeng.com
renrenjucais88.com
xn--stg.com
panthorturnkey.com
flockbot.xyz
spiderteckstudios.com
0951ebhk.com
sonicminute.net
officialsafeharness.com
usawaxing.com
magazadepom.xyz
mukundplaza.tech
good-feeling.biz
yeyeps.com
huxiaosheji.com
ardennes-2022.com
etair-norway.com
app-polingons.site
holistic.photos
syfwzd.com
bochanghaxi.club
keypoker.online
porogi-zamena-minsk.site
gocomplement.com
chengrenxx.life
sanderscastle.com
quiztwiz.com
mightypixel.media
tersaara.com
howtostock.com
oopsiedaisyposies.com
rumersblooms.com
tutolitas.com
enablemhasis.com
Targets
Target: INVOICE xlsx.exe
Size: 661KB
Signatures
- suricata: ET MALWARE FormBook CnC Checkin (GET) (listed twice in the report; the Emerging Threats FormBook check-in rule also fires on Xloader traffic, Xloader being the successor of FormBook)
- Xloader Payload
- Adds policy Run key to start application (persistence through the Policies\Explorer\Run key, which is watched less often than CurrentVersion\Run)
- Deletes itself
- Suspicious use of SetThreadContext (typical of injection into a newly created or suspended process, where the target thread's context is rewritten to the injected code before it resumes)
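The following is an added example, not part of the sandbox report above and not vendor tooling: it hashes a file against the report's digests and scans log lines for the extracted config domains, matching on label boundaries so that look-alike hostnames such as notovewaci.com are not flagged. The digests and domains are copied from the report; the file bytes and the DNS/proxy log lines are constructed for the demo, and only a subset of the domain list is included.

```python
"""IOC matching for the INVOICE xlsx.exe (Xloader 2.6) report.

Added example: the digests and domains are copied from the report above;
the file bytes and log lines below are constructed for the demo.
"""
import hashlib
import re
from typing import List, Optional, Tuple

# Digests of INVOICE xlsx.exe as listed in the report.
REPORT_HASHES = {
    "md5": "c3d9581dfe9bc99d5999828f4177b264",
    "sha1": "42f526e8bcae0f3e6404e9bed89431cd6b5c9fa4",
    "sha256": "b88777182ffbc0f28b68902a00f0b8a51b8dee4ef0104720a9ca92e18d920d81",
}

# Subset of the extracted config domains (full list in the report).
# Xloader mixes the live C2 with decoys, so every entry is an indicator.
CONFIG_DOMAINS = {
    "ovewaci.com", "explorebantentravel.com", "productdesigninfo.com",
    "sjg-central.xyz", "xn--stg.com", "rwc2027.net", "apartpay.site",
    "holistic.photos", "enablemhasis.com",
}


def hash_bytes(data: bytes) -> dict:
    """Compute the report's three digest types for a byte string."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def match_hashes(data: bytes) -> List[str]:
    """Return the digest names under which `data` equals the reported sample."""
    computed = hash_bytes(data)
    return sorted(a for a, h in REPORT_HASHES.items() if computed[a] == h)


def matches_config_domain(host: str) -> Optional[str]:
    """Return the config domain that `host` equals or is a subdomain of.

    Matching walks label boundaries, so 'notovewaci.com' does not match
    'ovewaci.com' the way a naive substring check would. Case and a
    trailing dot (as seen in DNS logs) are normalised away.
    """
    labels = host.strip().lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in CONFIG_DOMAINS:
            return candidate
    return None


# Constructed DNS/proxy log lines for the demo (not taken from the report).
LOG_LINES = [
    "2022-07-07T05:40:12Z dns query=www.ovewaci.com type=A src=10.1.2.3",
    "2022-07-07T05:40:13Z dns query=notovewaci.com type=A src=10.1.2.3",
    "2022-07-07T05:40:14Z http host=Explorebantentravel.com. uri=/ src=10.1.2.3",
    "2022-07-07T05:40:15Z dns query=updates.example.net type=A src=10.1.2.3",
]

# Hostname field as it appears in the constructed log format above.
HOST_FIELD = re.compile(r"(?:query|host)=([A-Za-z0-9.\-]+)")


def scan_logs(lines) -> List[Tuple[int, str, str]]:
    """Return (line number, observed host, matched config domain) per hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        for host in HOST_FIELD.findall(line):
            hit = matches_config_domain(host)
            if hit:
                hits.append((n, host, hit))
    return hits


if __name__ == "__main__":
    print("hash matches:", match_hashes(b"not the sample"))
    for hit in scan_logs(LOG_LINES):
        print("domain hit:", hit)
```

To use it against real data, read the suspect file's bytes into match_hashes and feed scan_logs the lines from a DNS or proxy export; adapt HOST_FIELD to that export's field names.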