General
Target: Purchase order.xlsx
Size: 176KB
Sample: 220707-ggvywsgcc4
MD5: 64149c6e22404ef9a319a2db97fb378e
SHA1: 62ba4c9e779725fde57e30c5420302647b98b76c
SHA256: 65422e9c3dbf3159e51d223541718875840dc1b473ff124f09c5e52f96329b6b
SHA512: 14c9162e34d67f347c63c01b3a0ef21f42bd1bcf33d3b0f1523c500ef50e824369d180259c90b74b829f9c1f04591821146812f281870e48830bdeb0b61259b7
Static task: static1
Behavioral task: behavioral1
  Sample: Purchase order.xlsx
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Purchase order.xlsx
  Resource: win10v2004-20220414-en
Malware Config
Targets
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE MSIL/GenKryptik.FQRH Download Request
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Xloader Payload
- Adds policy Run key to start application
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext