General
Target: Consignment Details&BL Draft.exe
Size: 663KB
Sample: 210118-4c1jczjgb2
MD5: bbcdacdde22b8bab6d71f543c36c9b2f
SHA1: f4752b9407c50396ca6ca1fef1a50827eb5cbc10
SHA256: 6fbc3e54a04aeadf268907b5041bdaf5af8980d76eafce3bc5d995c0fa779fd8
SHA512: 37c504b110e85656398ca91c4ed67e2854252b5402ca1b60cd8a24fa38c4e67c9346a8b4dc14005a44cdab708488bfe8b58f52e36449a4467de928591cbc6919
Static task: static1
Behavioral task: behavioral1
Sample: Consignment Details&BL Draft.exe
Resource: win7v20201028
Malware Config
Extracted family: formbook
C2: http://www.mwavpn.com/9bwn/
Domain list (64 entries; Formbook/Xloader configs carry one live C2 next to a list of decoy domains the bot also contacts, many of them ordinary live websites, so treat a bare hit on one of these as a weak indicator until the host is seen with the C2 path):
italiancoastal.com
shareandfit.com
ibexacademia.com
guejek.com
vitalbizdev.com
connemaracomputers.com
surf-livre.com
styleforwoman.com
costcopaysecure.com
kingdomandqueendom.com
www-societegenerale.com
radiokerbfm.com
marylandstars.net
thechampionsday.com
beertenderb95.com
iybbshop.com
maglex.info
vh3g.asia
zaairobot.online
ryderhydros.com
gamedaigia.pro
online-termin-vereinbarung.info
essential-nature.com
parkwoodmeadowsseniorliving.com
lastenmedia.net
yaprs.com
redpinepainting.com
glensideautosales.net
gicirmotor.com
goblissyourself.com
depotresort.com
survivalrunfotografen.com
natursteinteppiche.com
hungr.website
njcantonpalece.com
huellatinta.com
solbesiktning.com
finanka.website
cleanworkstations.com
thedivinegifts.com
thefinalverdict.net
amsco-ems.com
bloomsfromtheheart.com
elgantlamps.com
theofficialcookiejar.com
maucay.com
domains4me.net
takedaitos.com
tmlforums.com
electricdrumadvisor.com
pottydiaper.com
yup.network
anchorconcretesolutions.com
eroerolibrary.com
hammocksrehab.com
naya-bazar.com
metamorphosiswei.com
indravision.net
libreriapapeleriacaniles.com
jims-info.com
teenporncup.com
yoshinaga-dentalclinic.com
mygreatordinarylife.com
sallanvarkki.net
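The extracted config above, turned into machine-usable indicators. This is an added example and is not part of the sandbox report or any tool's output: the domains and hashes are copied from the page, while the function names, the config-line layout the parser assumes (family name, then the C2 URL, then one bare domain per line) and the request classification rules are mine. Only a few of the 64 listed domains are repeated in the block; the full list parses the same way.

```python
import hashlib
from urllib.parse import urlsplit

# Config lines copied from the report's "Malware Config / Extracted" block.
# Only the first few of the 64 listed domains are repeated here.
CONFIG_TEXT = """\
formbook
http://www.mwavpn.com/9bwn/
italiancoastal.com
shareandfit.com
ibexacademia.com
www-societegenerale.com
costcopaysecure.com
"""

# Hashes copied from the report's General section.
SAMPLE_HASHES = {
    "md5": "bbcdacdde22b8bab6d71f543c36c9b2f",
    "sha1": "f4752b9407c50396ca6ca1fef1a50827eb5cbc10",
    "sha256": "6fbc3e54a04aeadf268907b5041bdaf5af8980d76eafce3bc5d995c0fa779fd8",
}


def _norm_host(host: str) -> str:
    """Lower-case, drop a trailing dot and a leading 'www.' so that
    www.mwavpn.com and mwavpn.com compare equal."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def parse_formbook_config(text: str) -> dict:
    """Split the flattened config block into family, C2 URL and domain list.

    Assumed layout (matches the report): family name, then the C2 URL,
    then one bare domain per line. Formbook/Xloader configs list decoy
    domains next to the real C2, so the bare domains are kept separate.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2:
        raise ValueError("config block needs a family line and a C2 URL")
    family, c2_url, *decoys = lines
    parts = urlsplit(c2_url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"unexpected C2 line: {c2_url!r}")
    return {
        "family": family,
        "c2_url": c2_url,
        "c2_host": parts.hostname,
        "c2_path": parts.path or "/",
        "decoys": decoys,
    }


def hunting_indicators(config: dict) -> dict:
    """Separate the one strong indicator (C2 host + path) from the weak
    ones (decoy domains, many of which are ordinary live websites)."""
    weak = sorted({_norm_host(d) for d in config["decoys"]}
                  - {_norm_host(config["c2_host"])})
    return {
        "strong": {"host": config["c2_host"], "path": config["c2_path"]},
        "weak_domains": weak,
    }


def classify_request(config: dict, host: str, path: str) -> str:
    """Classify one outbound HTTP request (host, URI path) against the config.

    'c2'      host and path both match the extracted C2 -> high confidence
    'c2-host' host matches but the path does not -> investigate
    'decoy'   host is only in the domain list -> weak on its own
    'none'    no match
    """
    host_n = _norm_host(host)
    if host_n == _norm_host(config["c2_host"]):
        return "c2" if path.startswith(config["c2_path"]) else "c2-host"
    if host_n in {_norm_host(d) for d in config["decoys"]}:
        return "decoy"
    return "none"


def hash_matches(data: bytes) -> dict:
    """Report which of the page's hashes a candidate file's bytes match,
    so a file recovered from a host can be tied to this exact sample."""
    return {
        name: getattr(hashlib, name)(data).hexdigest() == expected
        for name, expected in SAMPLE_HASHES.items()
    }


if __name__ == "__main__":
    cfg = parse_formbook_config(CONFIG_TEXT)
    print(hunting_indicators(cfg))
    # Constructed proxy-log style requests, not taken from the report.
    for host, path in [("www.mwavpn.com", "/9bwn/?id=1"),
                       ("italiancoastal.com", "/"),
                       ("example.org", "/index.html")]:
        print(host, path, "->", classify_request(cfg, host, path))
```

Feed real proxy or DNS records through classify_request and alert only on 'c2' or 'c2-host'; a 'decoy' hit alone is expected background traffic for this family and will fire on legitimate users of those sites.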
Targets
Target: Consignment Details&BL Draft.exe
Size: 663KB
MD5 / SHA1 / SHA256 / SHA512: as listed under General above
Signatures:
Xloader Payload (Xloader is the current name of the Formbook family; the extracted config is the Formbook format)
Deletes itself (the sample removes its own executable after running)
Suspicious use of SetThreadContext (thread-context rewriting, the API pattern used to redirect a thread into injected code, as in process hollowing)