General
Target: Bank Slip 001.r15
Size: 469KB
Sample: 210907-f7bghafbfk
MD5: 6671df3823037d5aa9b2e76006e2bd21
SHA1: 5720514042238f143a4bb1c2a6602a2bf24d775b
SHA256: 3bae9b893714983a989f2d82cbafe1166df96100ae5d05cb6914c8ad37528f7f
SHA512: def135362a5e69c1007feb6138094a6b132922c6e00286ce81ce889ef3e8a90722c821b6ec262aeae324a17904830fb6423c054186239f9054fd98897d27ed0b
Static task: static1
Behavioral task: behavioral1
Sample: grace $$.exe
Resource: win7-en
Malware Config
Extracted
Family: xloader
Version: 2.3
Campaign: t75f
C2: http://www.vertexnailsblaine.com/t75f/
Targets
Target: grace $$.exe
Size: 489KB
MD5: ba3c72780f80542fe09aeed80a9a56c6
SHA1: 22bc724884cf52efe4c596bcd8ffdd155c783238
SHA256: c840ee368fcab5974485c16fc456b1dc1923cc5e113ce6a96f6f314a7ec5ac94
SHA512: a66602343d24dff4330551b900644ece8fe62059a88327ddac99fb0bc625a7eb3cfa6f3697beed4a0ec9f2f1f227f42dd4e36c43470cf4c71d38b6ad07ee15fd
Signatures
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Suspicious use of SetThreadContext