General
-
Target
sample catalog2022.xlsx
-
Size
150KB
-
Sample
220708-qvnamsfaa8
-
MD5
d023bbd88318f953625c00335d3bb2ca
-
SHA1
cf31252435f2da2c907fc06cfa7166e7b5561b09
-
SHA256
fe992d5f32cefe42e11076d5da2cc065de03d199600fd8d230c798a4281466c1
-
SHA512
2656a5040821933ab1bb473128311126dccf2455110fba5b733e88b3cab45327c9d877c50a31b45da1c54c91c8422af2e159af97a65ecaf5b0fb2e20fe4a87a3
Static task
static1
Behavioral task
behavioral1
Sample
sample catalog2022.xlsx
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
sample catalog2022.xlsx
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
decrypted.xlsx
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
decrypted.xlsx
Resource
win10v2004-20220414-en
Malware Config
Extracted
xloader
2.6
vweq
Targets
-
-
Target
sample catalog2022.xlsx
-
Size
150KB
-
MD5
d023bbd88318f953625c00335d3bb2ca
-
SHA1
cf31252435f2da2c907fc06cfa7166e7b5561b09
-
SHA256
fe992d5f32cefe42e11076d5da2cc065de03d199600fd8d230c798a4281466c1
-
SHA512
2656a5040821933ab1bb473128311126dccf2455110fba5b733e88b3cab45327c9d877c50a31b45da1c54c91c8422af2e159af97a65ecaf5b0fb2e20fe4a87a3
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Xloader payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Abuses OpenXML format to download file from external location
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-
-
-
Target
decrypted
-
Size
144KB
-
MD5
f242855ee5e1524b5ad48f23b1358977
-
SHA1
605c0f50b0ee48cbca489e0e6afe8d57ac2fea9b
-
SHA256
f7513cb11ab947eff5d5cc7d6e07ac07ab6f7199898fbf4af6aeeabcef6ab966
-
SHA512
45761922f566a211636a61a3b68df5d6c9df3ff905aad1a9e965d7aeffe2eca88b37147f71d357915fed00337ad82b9a03b3e6fa358e0d193643d7dcac5c8a52
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Xloader payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Abuses OpenXML format to download file from external location
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-