General
Target: Invoice & Packing list.zip
Size: 468KB
Sample: 210727-3x7el4mp62
MD5: 881b344339dd9a0a1213e0c74750e562
SHA1: a45581299cc50b734145e6554289ded6942c1c1f
SHA256: 9bcbcd1a0ff4f8c5f81c5172ae88f670e1e3b97687572ada4a2163204f8fae8c
SHA512: b40f485aad3ecb32cfb71aae78df8e6adb24f12a52923a7a0d058ef1481dfba70ab75d2d2faff23c55d7b8558b79c064b36e45800784b864a9d19c70985b767d
Static task: static1
Behavioral task: behavioral1
Sample: moni.exe
Resource: win7v20210408
Malware Config (extracted)
Family: xloader
Version: 2.3
URL: http://www.panyu-qqbaby.com/weni/
Targets
Target: moni.exe
Size: 606KB
MD5: 7b2f837b3a3f8980901ca3a6f624d8d2
SHA1: 7e0b1aabde14b6c64f8553d1d7e3499af79d2448
SHA256: 3a4677dc6f14f38983af15458b11d5f92e71dea8d5cd0e5b263c50d211a72621
SHA512: 677237124810c3cb0d35af23a2b9c0167d7b31dc0862bd7523841cdbc4c5209e5a71f8af8294f97e2bfa24f7d6984b00c695f0a5a5e1747833301b90fa1a46fe
Signatures
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- CustAttr .NET packer: Detects CustAttr .NET packer in memory.
- Xloader Payload
- Suspicious use of SetThreadContext