General
Target: 711258b3e03cce8f54d21d308583d262
Size: 265KB
Sample: 220707-f8qb2sdgdm
MD5: 711258b3e03cce8f54d21d308583d262
SHA1: 89e7fad64c0c02ae846b3c468206a2a1379b0d6c
SHA256: 0381674ddc98e53b3452e7e0a7a5a392825a5d64483d0682eac28b9262b05735
SHA512: db635f89dd63a8dda63b80edc8fd40f20d960309521d93425319c97e1664abfffb6c4ea5519c92f7f46be9adffa99915e6debca7ac42b7bef1dac9c62fc875f9
Static task: static1
Behavioral task: behavioral1
  Sample: RFQ#QNT 375281.xlsm
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: RFQ#QNT 375281.xlsm
  Resource: win10v2004-20220414-en
Malware Config
Extracted
xloader
2.6
n8it
360-nft.com
reversedwarbler.com
corefina.com
pettigestudio.com
bienvenidomiami.com
directoriobid.com
ydshine.com
xuemengyc.com
crossfitlaquila.com
strongdigits.com
goldendtatedermatology.com
onlinecryptoarbitrage.com
ziyuechloezhang.com
khaijd.com
pickleballgiant.info
shopcycles3.com
dynamicmetalbuildings.com
vandorainvestmentpartners.com
syzbf15.xyz
directbizlending.xyz
e-volutionsf.com
winnerjourney.com
informasivalid.com
impossiblemachinelearning.com
findkode.com
onlinecoursesin.com
0532sme.com
leogaeofkingdoms.com
coloradopadelclub.com
gdpyy.com
plaquepsoriasismedcareus.com
edmontonfoundationrepair.net
cybitt.com
weddingseopro.com
riosenpodo.quest
taketherubbishout00001136.xyz
doubledotts.com
foodieonline.club
xe9b5mzzqzez5t.life
sculpturen.xyz
battene.com
learniebee.com
shamesupportclock.life
tfnor.com
trickwaves.com
presumablye.com
lookloc.xyz
xyypjq.xyz
ike-design.com
de7secondenglimlach.com
signalcharlie.store
gfgoldgroup.com
weytek.com
modellinghacks.com
fimacusa.net
triplatin.com
untilfun.com
sporerindividual.com
mevst.com
vertex-modal.com
overworld.site
areowed.site
thesleepercar.com
driveubertexas.com
electrosle.xyz
Targets
Target: RFQ#QNT 375281.xlsm
Size: 193KB
MD5: 907680c16f4042379141cf7023a8a92d
SHA1: 92464aa3afa94c38acae3aaf7a1d0a6867091ddf
SHA256: 74f99e39eb7894bd8dd60d9e42c528806b7008397c779260b70c8c0c5b9d470d
SHA512: c492eef61822417815a59689e755cffbc5017993ae08d956fad93e77417ed031187813a9b361b3455ebb4ce79721e630439ac13675b1aabb61d547b5cb0449d8
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Xloader Payload
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext