General
-
Target
Confirm received PO 4500640396.lzh
-
Size
670KB
-
Sample
210816-vs41p2rmdn
-
MD5
12bb2a983fc09ed07579c60d0e396551
-
SHA1
f90c37191d8a31aacc69c4ae3aec0328d53673ac
-
SHA256
75de6a436c06db361958df9e1cd39e7e72e44a8e202058c5dc93233a5b135e6f
-
SHA512
d0febdd220c2c4cb32716a51fdbdf6ad7624f9557ec3775ce237dc6d7b5862e55ccd86cd4002a8d711038b0187402ad480d89a9f090b6c6a55037ce33ddb04ad
Static task
static1
Behavioral task
behavioral1
Sample
Confirm received PO 4500640396.exe
Resource
win7v20210408
Malware Config
Extracted
xloader
2.3
ipa8
http://www.desarrollosolucionesnavarro.com/ipa8/
royalposhpups.com
univa.world
lanerbo.com
shopbabygo.com
theutahhomestore.com
serialmixer.icu
linfeiya.com
xn--12cg3de5c2eb5cyi.com
am-conseil-communication.com
dailygame168.com
therightmilitia.com
visions-agency.com
mapopi.com
frugallyketo.com
guapandglo.com
54w-x126v.net
your-health-kick.com
blockchainhub360.com
registernowhd.xyz
votekellykitashima.com
astyaviewer.com
kinnonstudio.com
calerie.coffee
oqity.com
ia3v0m.com
maryland-real-estates.com
rwaafd.com
mnavn.com
valhallamedics.com
realbetisbalompie.xyz
askaboutaduhelm.com
sazekav.com
jxhg163.com
littlescampers.com
northwayenterprise.com
miotir.com
pastelpastrybakery.com
thebandaiderepair.com
plastings.com
hubrisnewyork.com
mervperu.com
calvarirumba.com
evidencemetrics.com
privedenim.com
thebreedersbuddy.info
poolsnation.com
lessonex.com
bainrix.com
celiktarim.com
ortodonciaberistain.com
curtisbigelow.net
golfwifi.net
instrumentum.store
legacymediaentertainment.com
okwideus.com
rixmusic.com
best123-movies.com
edwardsrealtyfl.rentals
beaumontcycleworks.com
abolad.com
hydrarobuxobby.com
addisonbleu.com
xiang-life.net
tailored2fit.online
Targets
-
-
Target
Confirm received PO 4500640396.exe
-
Size
1.1MB
-
MD5
6bca65813eeda79ba5ff4674fd4f831b
-
SHA1
b2eb4ec39716a2ee523372ad443df85f54ba1fc6
-
SHA256
2c365b6985fd96e0f9596e0e17370ef537d786473e490dfb144ade8fedc5f2ce
-
SHA512
026ddb7df5bd8d2c1033372990b9b7faaf3982084ea72528111c22cb149bcc49b141b7031a21df26db152edd55c75fe574d1f9db2bab3cb50f1c3aded2d4df01
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-