General
Target: 5268651735416832.zip
Size: 281KB
Sample: 210901-ewf37dd6hs
MD5: c03bb9b9ddecd2d7758df2f1b47dc5ea
SHA1: 2566bc7b0bf121113f9eae5eaf804f608dfeda5d
SHA256: 0c22d955534174aaffc23beb8b9fcee098a6f450ed1e5ac792a28d866089a035
SHA512: 1f532112032916ae39fd3eed911702623c2be26b38a19b01cdc46d53227b653e60499be86bbc8f1b626d46437247ca75a7d683230af287ba56491c996e75d928
Static task: static1
Behavioral task: behavioral1
Sample: OFFICIAL PO 1143 FOB QATAR_jpeg.exe
Resource: win7v20210408
Malware Config
Extracted
xloader
2.3
b6a4
http://www.miraculousventures.com/b6a4/
Targets
Target: OFFICIAL PO 1143 FOB QATAR_jpeg.exe
Size: 347KB
MD5: f826defd978e74a09d47ad5cbe2a6c93
SHA1: 6892b6ebc8301ac535af2391aa0563453082fa4f
SHA256: 2aa4e557d70c43b63c4c83dae89a00b09ded7c16317a30cce69d8b44c4ae2c2d
SHA512: 44f3e9d07b4b520a5004c11ff903fa2868a423d062fc5f18c7faf0b45343d593db75a36b4585729b95488616a490af1facb66ad98a2d5f061b78021ba9f1c811
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext