General
-
Target
Invoice-309-Ref-284.exe
-
Size
947KB
-
Sample
210817-8e1pa6bax2
-
MD5
33d6b64658d6d65330aa45e745a07378
-
SHA1
4aac1e207c9bbcd0959901557ed3da64b950a091
-
SHA256
e6d6ba31c6a493196ef6147ee975e41970f069ce9abd2b114c115891be4d37e0
-
SHA512
4b062d9c1cfab5d98812b999d61d94648219e61b6aef17d073321ad8c4681ed84e1fd78d776958acde24bcd39eb57006f42245d2eacc15bb34c3979fefd0cfa7
Static task
static1
Behavioral task
behavioral1
Sample
Invoice-309-Ref-284.exe
Resource
win7v20210408
Malware Config
Extracted
xloader
2.3
ipa8
http://www.desarrollosolucionesnavarro.com/ipa8/
royalposhpups.com
univa.world
lanerbo.com
shopbabygo.com
theutahhomestore.com
serialmixer.icu
linfeiya.com
xn--12cg3de5c2eb5cyi.com
am-conseil-communication.com
dailygame168.com
therightmilitia.com
visions-agency.com
mapopi.com
frugallyketo.com
guapandglo.com
54w-x126v.net
your-health-kick.com
blockchainhub360.com
registernowhd.xyz
votekellykitashima.com
astyaviewer.com
kinnonstudio.com
calerie.coffee
oqity.com
ia3v0m.com
maryland-real-estates.com
rwaafd.com
mnavn.com
valhallamedics.com
realbetisbalompie.xyz
askaboutaduhelm.com
sazekav.com
jxhg163.com
littlescampers.com
northwayenterprise.com
miotir.com
pastelpastrybakery.com
thebandaiderepair.com
plastings.com
hubrisnewyork.com
mervperu.com
calvarirumba.com
evidencemetrics.com
privedenim.com
thebreedersbuddy.info
poolsnation.com
lessonex.com
bainrix.com
celiktarim.com
ortodonciaberistain.com
curtisbigelow.net
golfwifi.net
instrumentum.store
legacymediaentertainment.com
okwideus.com
rixmusic.com
best123-movies.com
edwardsrealtyfl.rentals
beaumontcycleworks.com
abolad.com
hydrarobuxobby.com
addisonbleu.com
xiang-life.net
tailored2fit.online
Targets
-
-
Target
Invoice-309-Ref-284.exe
-
Size
947KB
-
MD5
33d6b64658d6d65330aa45e745a07378
-
SHA1
4aac1e207c9bbcd0959901557ed3da64b950a091
-
SHA256
e6d6ba31c6a493196ef6147ee975e41970f069ce9abd2b114c115891be4d37e0
-
SHA512
4b062d9c1cfab5d98812b999d61d94648219e61b6aef17d073321ad8c4681ed84e1fd78d776958acde24bcd39eb57006f42245d2eacc15bb34c3979fefd0cfa7
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Blocklisted process makes network request
-
Deletes itself
-
Suspicious use of SetThreadContext
-