General
Target: Invoice #210722 14,890 $.exe
Size: 700KB
Sample: 210727-yptj546412
MD5: 9f049132f0c15e8687a0b670deab0960
SHA1: 37ded4a6085ad07cfbc97ac43d8fcfa5c81e8cbf
SHA256: 89fd73d17d825a1e661f69b41ffd9fcd9f5a3d044159763cbc82ffd0210eb78a
SHA512: 6fb576e6fe3c7fdcd84a1e0ff0cb7d6f4d859aedc2e759128cc596a3ec1875dd51edb2fd462b8140b5f7aeec02c044ec139ae70c5a606c5ee3beaebb7136ad53
Static task: static1
Behavioral task: behavioral1
Sample: Invoice #210722 14,890 $.exe
Resource: win7v20210410
Malware Config
Extracted
Family: xloader
Version: 2.3
C2: http://www.appackersandmoversbengaluru.com/p4se/
Decoy domains:
weightlossforprofessionals.com
talkotstopandshop.com
everesttechsolutions.com
garboarts.com
esubastas-online.com
electriclastmile.com
tomio.tech
jacoty.com
knot-tied-up.com
energychoicesim.com
rocketcompaniessham.com
madarasapattinam.com
promosplace.com
newstarchurch.com
thesaleskitchen.com
slingmodeinc.com
jobresulthub.com
pillclk.com
shipu119.com
sibalcar.com
quotovate.com
bluecoyotecontracting.com
hc68kr.com
laundry39.com
vietthaivt.com
ikonflorida.com
xn--sm2b97e.com
innovisional.co.uk
spacecityscouples.com
slmccallum.com
hro41.com
theyardcardzstore.com
primewildlife.com
xn--seranderturzm-ebc.com
stilesandhansen.com
bvlesty.com
hejiayin.com
philosophersdojo.com
aworldofsofas.com
itile.net
unitronicdealers.com
savasoguz.com
magetu.info
devgmor.com
villasabai.com
pipipenguin.com
furnishessentials.com
patchmonitoring.com
michaelhumphriesrealestate.com
pratikahealth.com
caswellcu.com
lakeportal.com
weedyourmind.com
cardamommm.com
freshstartrestorationllcmd.com
mastercardbhdleon.com
ceramiccottageco.com
magiczneszkielka.com
casebookconnet.com
recharge.directory
phoneprivacyscreen.com
mumbaindicator.com
jumboprovacy.com
streamerdojo.com
Targets
Target: Invoice #210722 14,890 $.exe
Size: 700KB
Signatures:
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext