General
-
Target
Revise Order.exe
-
Size
868KB
-
Sample
210112-y1hhahrg9e
-
MD5
467fcc237db53f7bb42eac881adde0ba
-
SHA1
bd09e1cb4167721ab3c73f66a947201f13132378
-
SHA256
afaa365ef87b1aa804d330d56de9cee53e284870221ddf9aae2c36774e69e9af
-
SHA512
98a256583937fb716288c8990c46fba7e19d476f86c1be530510d8d76f78c869dbe6329262f10f903ce0cc13622231f23bb4372098125dede5c2e192791d986f
Static task
static1
Behavioral task
behavioral1
Sample
Revise Order.exe
Resource
win7v20201028
Malware Config
Extracted
formbook
http://www.lensinlens.com/ehxh/
financialaccompany.com
face2bouk.com
blazedisinfecting.com
providaconsultinggroup.com
distriautosdelpacifico.com
myaduhelm.com
thangmaygiatot.com
nuevasantatecla.com
endpedophiles.com
alwanps.com
anzi-studio.com
twoswinginghammers.com
curbedinc.com
purecleantn.com
4levelsplit.com
talklinecall.com
egypte-vakanties.com
xzntfwof.icu
sosyoclassic.com
adjoalearningacademy.com
alphacinema.net
lady2lover.com
eleanorandhick.com
kimsfist.com
pemasangangipsum.com
mrkabaadiwala.com
alltechengwork.com
marvitrans.net
islamicwatchdogmovement.net
fortunefoundrydesign.com
911strongerlife.com
cb13xxx.com
ameriloans.info
grantmohnphotography.com
iregentos.info
tubeknows.com
clarkacademiccoaching.com
hongzhifreight.com
sparkletosprinkles.com
sprtncloud.com
goegoldenretrievers.com
highstreetwear.com
channel22newz.com
jmuboprivacy.com
ayurvedayogasardinia.com
resethire.com
simplyrita.com
fatlosszone4u.com
brian.productions
qoogaloo.com
aubreyntaylor.com
jorgianamarlowe.com
onemilliondollarsapp.com
kontenery-pawilony.site
navinkhumui.xyz
lacroixandkress.com
luxlectric.net
haypr.com
lusomarkets.com
laplumebodas.com
leadhorn.com
masksthatsmile.com
suoxqxnnoj.net
xiamen8.xyz
Targets
-
-
Target
Revise Order.exe
-
Size
868KB
-
MD5
467fcc237db53f7bb42eac881adde0ba
-
SHA1
bd09e1cb4167721ab3c73f66a947201f13132378
-
SHA256
afaa365ef87b1aa804d330d56de9cee53e284870221ddf9aae2c36774e69e9af
-
SHA512
98a256583937fb716288c8990c46fba7e19d476f86c1be530510d8d76f78c869dbe6329262f10f903ce0cc13622231f23bb4372098125dede5c2e192791d986f
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-