General
-
Target
Doc_230130.xlsx.zip
-
Size
700KB
-
Sample
230130-lyt55shh94
-
MD5
d527d61a03fb335f1e857e20668f10f4
-
SHA1
9aa84ed97c1303219448552a7251efa1f1fdfdcd
-
SHA256
084b97b355d56cc5218df3154cb1a30469b9c491f7e2c25afe2cd3dc138fba22
-
SHA512
f4fc76b18920490f594facb7d7224827a6c0b5dbc1ce9971d479b25440f1ab074eb3737e7c4201627ab17ccb7cf71eac992dfe72d93bc7324824c7b4aec065e7
-
SSDEEP
12288:+PA07QBQuIEy/y+yH3zF/rnE2e62itIXh5VNTQWqgdvz+4fMzylWxDv4ozDB1m:+IwQPIB+Dn6i25LTbqgdvz9qMozl1m
Static task
static1
Behavioral task
behavioral1
Sample
Doc_230130.xlsx
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
Doc_230130.xlsx
Resource
win10v2004-20221111-en
Malware Config
Extracted
formbook
poub
WY0eksfISzRg4O6c+opnGL6gaw==
moRjn9ExtYi8UmUo+Tya
2vME+GedoxzFnuLXesUoVj4=
EvW4JWJ1NQ8nN3tA3SM=
2mK9efMZMgN1VOs=
8d0jua5b0J6AQEW7
/2cyThOd37DSTYMASDye4Q0t/Vs=
ral+tbIh2KKAQEW7
YLY9jsPtYB/FRmMo+Tya
R1WcElWAMtFxFrVqtZT2ZpIS9xRZNho=
KFXGg/T1pCC9GjrxUPTcjw==
8mMlK5nDwjjPFTP5jMtAtQ0t/Vs=
c7am8nhhlCo=
UW91trZj6dENxuRdpxOvW1Cf
sjOMUcvq6lYJCZEfV4euFzY=
62nBgPjdmWQkmWElww==
64E8JqA1aruSUvw=
NqI1reXpcR+REye0
8+y1oOsbjgSyEhjXUPTcjw==
Rx9by8gNBwN1VOs=
Muif0yE4CQN1VOs=
VEt6//SsIukFo46EOTs=
Z8su52MYL67C
usDwuHRs8/KlWg==
idmltXXu7XAgHLE/UPTcjw==
QPrxO2shWNiGexGboHDSRqBQ1TBd
hq9rqBND8/KlWg==
QS9iHFx08/KlWg==
v1soVFoThEdt/B/dK0v4+6Wb
7rqJytN13KKAQEW7
OWbeN2SDJwonsI6EOTs=
aqQrrKZDm16GMlAtvxavW1Cf
imnEZWIEbC4M8Q+i
Bry3oQg5+6ZaUNxzwg==
B3vYmyxPQS5XYvmCsqQXX8X948Zf
KbGBmwwCyKTKsUcRUNN6CD61aw==
2WpDae4P+W4cdqc8kPBcjqg0wS1X
MvkZLPRY25jI
Alr0VZGxYxG3dR/zSNjBhQ==
ZJkdjczlrF+8l0Os
dcmMkFm+QhFD4OM=
fMdUrd4J1n4mmWElww==
Gat+k1fHg11vTQ==
sn+7Q4uxaAu9FyGv7k24F1DWaBEvmRI=
CjvGRTnXOhtN6QSNxhmvW1Cf
CpHvP2VSxaKAQEW7
qQWkEUJYFKhPttOZ4MarX8KKLl+/Jg==
GNVP4yIy8/KlWg==
pqfVAERhYxN7YPM=
9nS5b/AGCpZNAfZj1A==
a3GcpSND8/KlWg==
fin6NmQXayreIOrzPyw=
EjdROfeTsDPVH+rzPyw=
DO4xD8nURBwM8Q+i
+p/LQHFh0KOAQEW7
iNos10QpwjvjvFrXJYtYFiuHdA==
SX//aFP4Yi5T6NbcKQr07J6e
2NKh0dNr52sTdH4OSNjBhQ==
ZMSJmgsxFrlp5fnecrgeVYcP4xRZNho=
oXmlavAJ+3IbFbl3Gm4H+iKG
ijjWRYCaXiTcigreSNjBhQ==
ZqpH49I4XPu1k+rzPyw=
ZZUh+4FrrBbKukgJWoeuFzY=
lLnTxHn7rq/W9G8rzjsgCnyBYw==
drzjup.space
Targets
-
-
Target
Doc_230130.xlsx
-
Size
702KB
-
MD5
d580807d4ec90e4abef17b0b89bc6ca3
-
SHA1
5051e0df1c94942a5c911f15d4d4b9d3b7252939
-
SHA256
3d120d5932768adbbae1ebe3a10396f58808d5f586b72f5a22b623214ea1830d
-
SHA512
98535ead563d472a600f5aebffb3b74491cfd8b22d4e8b4ab5b2aa4f9cf71b460d54443b03c1f14e2452e44069ed9d2f63723091e24d2ed14f788800bd093d15
-
SSDEEP
12288:wmpPU4JAXM6skUcuV6573iOux7bd9lkMszTpCrnQ4X8WGgIwS8+/zSnyDI:jfKikUcTxi5d9cpkQ4JL7q730
-
Xloader payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-