General
- Target: 4825400935088128.zip
- Size: 180KB
- Sample: 210908-s3nx9ahhhl
- MD5: 3d4aaa3cf637f217a8ca3d66f4370e5d
- SHA1: f3bdb1dfede1c0ab9f66198553639215c0c93c30
- SHA256: 401e18b7eeb6576132e22aca31032606a0b40c88f5a337ceb6d3f3dd45338e3c
- SHA512: dccc39690f7660bc8353c47c503f39f285e5983021918bceda9260efedbb6f40561ae3d5fd4e46109baeac993f7761c8ef99bfe7085573014f69c8363c5b87c2
Static task: static1
Behavioral task: behavioral1
- Sample: Order 2021-600918.js
- Resource: win7-en
Malware Config
Extracted
- Family: xloader
- Version: 2.3
- Campaign: wqos
- C2: http://www.shdbwl188.com/wqos/
Targets
- Target: Order 2021-600918.js
- Size: 311KB
- MD5: f875ce20d9473d5dd74d2e0382fb32ba
- SHA1: a9b75554d7cb9eae3f06c2b9f3b7cf60617b32d8
- SHA256: b71e66c2f3dd88356df6c1bb0cab806156e91bed324c376b45cae58ce051ceff
- SHA512: 1eccb095f0bd41fb28879a726d8257b3a30cc487efa33fe24f2be2899596ee99bc54179d7003493aec50e55f6e6beac77616a9a8d9c3d80e4cb4a0244c33c4fe
suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Drops startup file
- Adds Run key to start application
- Suspicious use of SetThreadContext