General
-
Target
Sales Order.rar
-
Size
454KB
-
Sample
210727-83sr2fgaqs
-
MD5
178234763bc642636b72225d29674ee2
-
SHA1
3915c10569856955c0c6a785d834e1f649afa5dd
-
SHA256
2a4103bdbd7ede598db2ed222c11aa5680fed10ae2a4b88930c2c6c03d48a8a0
-
SHA512
2f7fe7f27b33c8e5f3fd51aca539752b10daddfdae1958d197f7846de5cb1a83c17724482650a35dc79fd62c3ef2a2538d401cd5b9d469491e74257cc7524248
Static task
static1
Behavioral task
behavioral1
Sample
Sales Order.exe
Resource
win7v20210410
Malware Config
Extracted
xloader
2.3
http://www.jantesetaccessoires.com/p6f2/
redsnews.com
vr859.com
postmasterstudios.com
hampsteadorganizer.com
hangshop.net
maheshwaramlawcollege.com
5156087.com
gtaaddict.com
faj.xyz
drivechicagoillinois.com
neerutech.com
b2brahmas.com
freshlookks.com
propertyparallel.tech
tlwbyads.com
sellektorkids.com
dexs.fyi
kileybrock.com
nervstudio.com
tosg-ltd.com
admibd.com
hilariousfakenews.com
lub-additive.com
securecloudinfo.com
xn--jde.com
andtheskywentred.com
nearestgreenbeverage.net
tipthemusician.com
koziolwojciech.com
ryosecurity.com
cosypromotion.com
qvvn.life
emcelt.com
ersatzair.com
blassmail.online
florianlecerf.com
shannonsmithcounseling.com
litorin.com
plusproduce.net
sandersonfarnns.com
medicservic.com
mostmegaproductions.com
eldorado88casino.com
hordlife.com
drgunjankumaribhagwat.com
iregentos.info
lifeonprimroselane.com
playstoreaddps.com
anacquiredtastepodcast.com
chinachaohuo.com
xn--80aafif4agv1ai.xn--p1acf
flmoisture.com
framebooth.net
wildhare.media
1000praises.com
tna.zone
kravmagatacticalacademy.com
jasonwang.online
suruyorum.com
concretepill.com
alfarouqco.com
reliefpaypal.com
xn--fujtherma-xpb.com
petgsafetyseal.com
Targets
-
-
Target
Sales Order.exe
-
Size
1014KB
-
MD5
fd84eb337a51966294ba08722170bf46
-
SHA1
1f529d60e2dc50deaac59af322708039da33c3be
-
SHA256
8da806444010084307c77bf3a69f66ca36c15920bd7b9f60fdcf35fccd460701
-
SHA512
a522ba8c6daddbf69f711ef859c7e8fb79e2ab00372e6626af9119d82ef8cf22b0e2ebcc1897cd88810be5ee01b11e0950dbf0853ceb630de3e916ac3bacd847
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-