General
-
Target
Packing list • Invoice • Country of origin.exe
-
Size
377KB
-
Sample
210115-we2f21kvba
-
MD5
573ad7a8627f24f2e6fc4aa3c53f6328
-
SHA1
2e292b7e6f41b0fd7dd31424989e5640f6e41e38
-
SHA256
b4a9843d6c2869da17c9fb36d3aae7b869f3df444280943e07f3944f6408f086
-
SHA512
750436f6da6c8daed66b61433789dc6a76a49bab86f2d5ef43434d9e77ed702ea5cc020981d9382b2ec8f1c0584d6600897efa67763e513a2569417e54222bc3
Static task
static1
Behavioral task
behavioral1
Sample
Packing list • Invoice • Country of origin.exe
Resource
win7v20201028
Malware Config
Extracted
formbook
Targets
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-