General
- Target: 20210303948387477467,pdf.exe
- Size: 218KB
- Sample: 210819-xjszwl4k3s
- MD5: e79c5035be71a3d0f847fed5d05d64df
- SHA1: d90242e0452ad5cc9c580c5829c67369b04e0258
- SHA256: d0186c586f083b92225e7a7e3d357e84d7f756a3e7fd76c5edca5f3e1e702ada
- SHA512: 46f36c6dd994a80b657ddd198c9ea9d290afef4ce98b4961c843b42f26b5f96b1bc3063c2e9e26775c4e373f2d4e830e5f57fcfb897c8f2f08e65a28d587798e
Static task: static1
Behavioral task: behavioral1
- Sample: 20210303948387477467,pdf.exe
- Resource: win7v20210408
Malware Config
Extracted
xloader
2.3
gh6n
http://www.aslionlinestore.com/gh6n/
Targets
- Target: 20210303948387477467,pdf.exe
- Size: 218KB
- Hashes: same MD5, SHA1, SHA256 and SHA512 as listed under General
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext