General
Target: Shipping Document PL&BL Draft01.exe
Size: 664KB
Sample: 210118-bf7gbgtypn
MD5: b6e80f2e175ac7fbcda8f578a69bd620
SHA1: f606474769da4255ea95c0aa4e78f5206246d865
SHA256: 0674ab6b81671be1eb9a4944f50ca24141a0034fa4d58b420e47506371db191b
SHA512: 8bdfbc2eb230f6d30d00a46755ff096ff443943559937fb93b9d7e6e6a85254af90fad508e5ffb8639b60bade41c0dae79e1a83e1deb8bfeb463dc30607e8840
Static task: static1
Behavioral task: behavioral1
Sample: Shipping Document PL&BL Draft01.exe
Resource: win7v20201028
Malware Config
Extracted family: formbook
Targets
Target: Shipping Document PL&BL Draft01.exe
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext