General
- Target: ff0ca26fa608a5aa95817cd3cf48f963
- Size: 243KB
- Sample: 220707-f94aasgae3
- MD5: ff0ca26fa608a5aa95817cd3cf48f963
- SHA1: a93367ecac997c7d98963f75ef3a46978cf88ba9
- SHA256: 97f22b3fd2fa6b95d33a37302cf935d7c67ee419d3acf7a7d8f2bcae09c42543
- SHA512: 36811b75f4eaf9b0c05d1c55959931a02df4cc6951c6a07ffe25a63e8b9f4704175bf37bde1df7f4241d8973f3a173ddca0c417862bbfd55e172f9d4948ffdbd
Static task: static1
Behavioral task: behavioral1
Sample: RFQ LIST UPDATE.xlsx
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: RFQ LIST UPDATE.xlsx
Resource: win10v2004-20220414-en
Malware Config
Extracted family: xloader
Version: 2.5
Campaign: sk8m
C2 domains: extracted domain list omitted.
Targets
- Target: RFQ LIST UPDATE.xlsx
- Size: 176KB
- MD5: 487d48d782cec7bd71c3e772f8c97f63
- SHA1: 6f5f1d3b219116ee88872fa2d7ac68aa8631f39d
- SHA256: fa64f2d2bdcd2e53e47f3573baf59d4e454b4b01d11502ef752c174135b85878
- SHA512: a803bc7b32ff4fd745619cc8854d263e331f8e358ebbb67d15bf5d9e949d41700cb5a415953e2b025ebe03e4d423388df19aa8457218ff0653434229041a86fc
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext