General
Target: Doc_230125.xlsx
Size: 644KB
Sample: 230125-mkjypafg32
MD5: be7a9bc01cfea694a22d463ec14e7e3b
SHA1: 1bc1b452bb230be5d4a51484ff4f2771f3792619
SHA256: 8d9987b12667c1d3cfd71161c7d18fe4b152557157bed38264120baa49b184be
SHA512: e9543b207f84a9f2cd7f3b8f2c521e7dba9bef53e2d5439993e78d1596f737415f0bf1d82e2f5d4201206c2071a1661da901fbc60d54a3c6d1ecb50da47c0a38
SSDEEP: 12288:frxQKDBSm3Wn/xyqZ8/uZv7Ddv4s00jN5jLelzGpEXiqYGwTtfOjOzVcV:tDn3Wn/sqH7Ddgs00/qlYEyLTAi2
Static task: static1
Behavioral task: behavioral1 (Sample: Doc_230125.xlsx; Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: Doc_230125.xlsx; Resource: win10v2004-20221111-en)
Malware Config
Extracted family: formbook
Campaign: poub
Targets
Target: Doc_230125.xlsx (644KB; hashes as listed under General above)
- Xloader payload
- Adds policy Run key to start application
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation