General
- Target: PO_610.20-21.A2424.UP_PDF.exe
- Size: 297KB
- Sample: 210120-wqdfvk4q22
- MD5: 3ea0aeab9cc01933b5ba3f78e8ceddb4
- SHA1: ecd362b4af516f2855607326ffcf684355ec4762
- SHA256: feb7ef6e6c842b97b92c82fdba89499c252cc9414874efc7fafae8389dbf0538
- SHA512: 455f749c00be8dc2108c60f18efd5217b5eb2bf7414871ad82c50a84419d04934702893e90f95adfbcde89bf677c0d78cb636b86670192179327da2ac13d2170
Static task: static1
Behavioral task: behavioral1
- Sample: PO_610.20-21.A2424.UP_PDF.exe
- Resource: win7v20201028
Malware Config
Extracted: formbook
http://www.chuanxingtong.com/j5an/
xwwgj.com
release-paypal.com
investorshighway.com
maglex.info
chenangopistolpermit.com
thebihareye.com
sanjosemasks.com
foremanmotors.com
stadtstreicherin.com
9247pf.com
erenvincplatform.xyz
cushcaps.com
flatisteam.com
kojyouibennto.com
rahmatsuparman.com
vallyfades.online
metropitstop.com
shopasha.com
windycitycreditsolutions.com
uproxysite.com
californiabilling.com
theexgirlfriendpics.com
arnoldnaturalresources.com
gfeets.com
streamelemeants.com
academiadacocriacao.com
nselife.com
maratinsaat.info
deviurg.com
mrbalumba.com
joyfinancialservices.com
retriever-home.com
paydayonlineloanapplication.com
dchasers.net
mct.ltd
geisshaven.com
mdejgqbp.icu
mercifulhandshc.com
bmtxm.com
aulbalu.com
globuswarming.com
wolfpacktowingrecovery.com
empireofconsciousness.com
yosyoshop.com
l7zexitam.xyz
lendtitle.com
charmedlifeinteriors.com
aimtopshop.com
teramareprime.com
muenker.world
just-embrace.com
amazon-co-jp.world
fsjinhua.net
lungi.cloud
mysinglecam.com
hortenserolland.com
grouptripinsurance.com
aspiringeyephotos.com
shoesiin.com
oodi.club
shakhriyarmamedyarov.com
musiklotteriet.com
germanystablecoin.com
land-il.com
Targets
- Target: PO_610.20-21.A2424.UP_PDF.exe
- Size: 297KB
- MD5: 3ea0aeab9cc01933b5ba3f78e8ceddb4
- SHA1: ecd362b4af516f2855607326ffcf684355ec4762
- SHA256: feb7ef6e6c842b97b92c82fdba89499c252cc9414874efc7fafae8389dbf0538
- SHA512: 455f749c00be8dc2108c60f18efd5217b5eb2bf7414871ad82c50a84419d04934702893e90f95adfbcde89bf677c0d78cb636b86670192179327da2ac13d2170
- Xloader Payload
- Suspicious use of SetThreadContext (the API pattern used by process hollowing and similar injection, where a thread's context is rewritten so it resumes in attacker-supplied code)
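The extracted config (C2 URL plus domain list) and the file hashes are the parts of this report a defender actually consumes. The following is an added example, not part of the sandbox report or of the Formbook/Xloader sample, that turns them into two offline checks: a log scanner that flags any hostname covered by the config's domains (including subdomains of them, while never matching on a bare TLD), and a hash comparison against the report's digests. Only the first few domains from the report are reproduced in the config string; the rest of the list is appended the same way. The log lines are constructed for the demonstration and the log format is an assumption. Formbook configs mix one live C2 with decoy domains, and the report does not say which is which, so every entry is treated as an IOC.

```python
"""Turn the report's extracted Formbook config and file hashes into checks
that run against local telemetry (added example, not from the report)."""
import hashlib
import re
from urllib.parse import urlparse

# Extracted config as the report lists it: the C2 URL first, then the domain
# list. Only the first few domains are reproduced here; the remainder of the
# report's list is appended the same way, one per line.
FORMBOOK_CONFIG = """
http://www.chuanxingtong.com/j5an/
xwwgj.com
release-paypal.com
investorshighway.com
maglex.info
chenangopistolpermit.com
thebihareye.com
sanjosemasks.com
foremanmotors.com
"""

# File hashes of PO_610.20-21.A2424.UP_PDF.exe from the report.
REPORT_HASHES = {
    "md5": "3ea0aeab9cc01933b5ba3f78e8ceddb4",
    "sha1": "ecd362b4af516f2855607326ffcf684355ec4762",
    "sha256": "feb7ef6e6c842b97b92c82fdba89499c252cc9414874efc7fafae8389dbf0538",
    "sha512": "455f749c00be8dc2108c60f18efd5217b5eb2bf7414871ad82c50a84419d04934702893e90f95adfbcde89bf677c0d78cb636b86670192179327da2ac13d2170",
}

# Loose hostname pattern: labels separated by dots, ending in an alphabetic TLD.
HOST_RE = re.compile(r"[a-z0-9][a-z0-9.-]*\.[a-z]{2,}")


def parse_config(text):
    """Return the set of IOC domains in a Formbook config dump.

    Full URLs contribute their hostname (with and without a leading "www."),
    bare domains are kept as-is. All entries are treated as IOCs because the
    report does not distinguish the live C2 from the decoys.
    """
    iocs = set()
    for token in text.split():
        token = token.lower().rstrip(".")
        if "://" in token:
            host = urlparse(token).hostname
            if not host:
                continue
            iocs.add(host)
            if host.startswith("www."):
                iocs.add(host[4:])
        else:
            iocs.add(token)
    return iocs


def host_matches(host, iocs):
    """Return the IOC covering host, walking up the label chain so that
    cdn.example.com matches an IOC of example.com; None if no match.
    The loop stops before the last label so a bare TLD never matches."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def scan_log(lines, iocs):
    """Scan text log lines (proxy, DNS, ...) for hostnames covered by iocs.
    Returns (line_index, host_seen, matching_ioc) tuples in log order."""
    hits = []
    for idx, line in enumerate(lines):
        for host in HOST_RE.findall(line.lower()):
            ioc = host_matches(host, iocs)
            if ioc:
                hits.append((idx, host, ioc))
    return hits


def hash_matches(data):
    """Compare a file's bytes against every digest in the report."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest
            for algo, digest in REPORT_HASHES.items()}


# Constructed log lines for the demonstration; the format is an assumption.
SAMPLE_LOG = [
    "2021-01-20T10:15:01Z 10.0.0.21 DNS A xwwgj.com",
    "2021-01-20T10:15:02Z 10.0.0.21 GET http://www.chuanxingtong.com/j5an/ 200",
    "2021-01-20T10:15:03Z 10.0.0.22 GET https://www.microsoft.com/en-us/ 200",
    "2021-01-20T10:15:04Z 10.0.0.21 DNS A cdn.release-paypal.com",
    "2021-01-20T10:15:05Z 10.0.0.23 DNS A paypal.com",
]

if __name__ == "__main__":
    iocs = parse_config(FORMBOOK_CONFIG)
    for idx, host, ioc in scan_log(SAMPLE_LOG, iocs):
        print(f"line {idx}: {host} matches IOC {ioc}")
    print(hash_matches(b"not the sample"))
```

Lines 0, 1 and 3 of the constructed log are flagged; `paypal.com` on line 4 is not, because matching walks up the label chain of the observed host rather than doing substring comparison, so a decoy such as `release-paypal.com` cannot cause hits on the legitimate domain it imitates.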