General
-
Target
RFQ356284678,pdf.iso
-
Size
462KB
-
Sample
210915-c3bpxsgfa5
-
MD5
a94d252b201174b9532e36f8893ba56b
-
SHA1
28a1e551cd212448828b272e3ec9d3ea9618cd20
-
SHA256
fd0d5cfec2a1908e2e3d7466984399bb8a40d91f3dde90ab77e90fb29c52e466
-
SHA512
b5d734d675e03eb049f8fbdbd2c4e42ba3f5f4431c0c5252783e35bfc19f5fdd528f0c23c3944fad931c5984621d2f01174435749d075dc9a2cf0168b8a6fee0
Malware Config
Extracted
xloader
2.3
gv6d
http://www.breakaway.uk/gv6d/
bigfatgay.com
czrsgd168.com
bnkinvestments.com
uhchearingfl.com
hooktowingco.com
bold2x.com
dirtyhandsdigital.com
princetonreviewes.com
typhoonmusicgroup.com
onlinemathcoach.net
safecareethiopia.net
alvarogdeo.com
access-sca-login.pro
handbagswholesalemaster.com
whoaservices.com
telemunndopr.com
dream2works.com
itemconfirmation.com
kentebags.com
chennaipremium.com
Targets
-
-
Target
RFQ356284678,pdf.exe
-
Size
401KB
-
MD5
30b799e145ec03674de8d27ae3e5c0ba
-
SHA1
339a5df9d70b31d0b59a5e97d672f12ccb67e45e
-
SHA256
5df88b107258b6f9b91512ca18b098fec01005b71eed470932f006103d5bb346
-
SHA512
d37d9be8f9bc3c17afead37c22b91a96fe2cb4314d09424270e75b2f36d7be4a9d560540909508170f8c0e3e2d1ba0635595045a6299ea5e6f8be215007b841e
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader Payload
-
Executes dropped EXE
-
Deletes itself
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-