General
- Target: 6d4977cb739bd60eaf1bd6cea2258cf09a2aaab71a3646f8c055ba9fbc5db6f5.xlsx
- Size: 896KB
- Sample: 230206-3q5qcagd82
- MD5: eb5418b2d45b0f361fa93f01139871d0
- SHA1: 882c97f3fd9b406183e4ac01396ff41fabb2c1b3
- SHA256: 6d4977cb739bd60eaf1bd6cea2258cf09a2aaab71a3646f8c055ba9fbc5db6f5
- SHA512: 7aad6ed53af3b4f0d7f8da3dababe42cb48ca086bdc495ad5908ab74ee90e3dcc4f45a9b66d091241868aa21fa79b2578ee02ba9f46f4fc3ff53e4dedf068107
- SSDEEP: 24576:7oD1xqL1dePSHEwb2hvSiMBpVxYyUYbLQhCntqY:cD1xqLD7HNb2NMHVhUYbkhmqY
Static task
- static1

Behavioral task
- behavioral1
- Sample: 6d4977cb739bd60eaf1bd6cea2258cf09a2aaab71a3646f8c055ba9fbc5db6f5.xlsx
- Resource: win7-20221111-en

Behavioral task
- behavioral2
- Sample: 6d4977cb739bd60eaf1bd6cea2258cf09a2aaab71a3646f8c055ba9fbc5db6f5.xlsx
- Resource: win10v2004-20220901-en
Malware Config
Extracted
formbook
u8ow
majorcaplanetary.com
Targets
- Xloader payload
- Adds policy Run key to start application
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext