General
Target: doc87654345678765456700876.xlsx
Size: 172KB
Sample: 220707-g5f5msedfj
MD5: 1a655288d3217735e89fd31c24d1d740
SHA1: 6361b7bb9693d3cf23a8c4c8b915f03e2ef67e69
SHA256: 0040f5c1c1699e37a9a422b1446ec89c28ebbbc81baaa7e17cc5ca722751eb5a
SHA512: 80349162d9ec866539ccd3cc11051451128bb33fa82f07ce6f5ff603df1d5c194e4d4df1c88a05e66ce01bd292e1404f00f624d0616f1d5d16e5c295c6baa54f
Static task: static1
Behavioral task: behavioral1
Sample: doc87654345678765456700876.xlsx
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: doc87654345678765456700876.xlsx
Resource: win10v2004-20220414-en
Malware Config
Extracted: xloader 2.7 n5mz
Targets
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- ModiLoader Second Stage
- Xloader Payload
- Adds policy Run key to start application
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext