General
Target: Order Confirmation with Invoice & Packing List.Pdf.iso
Size: 620KB
Sample: 210924-jmjh6agcen
MD5: e64d7b9859cbb9d141d061f3e6afbd0e
SHA1: 1d78d07375311deb0597827283385f7634c91de3
SHA256: 7effdc483443a8b60d6d9646cc133f1861ab331a384a397adb62f609d61662fa
SHA512: 6a92182c9ef3643d79683f893a530e3b401cacdf2b8c28443be132caf8cd21382a96cb081ddc916bf2e13d6f4abc0a9a7ff0dd65a79c04b1c42e26b4520828fc
Static task: static1
Behavioral task: behavioral1
Sample: Order Confirmation with Invoice & Packing List.Pdf.exe
Resource: win7v20210408
Malware Config
Extracted
xloader
2.5
ny9y
http://www.caddomain.com/ny9y/
Targets
Target: Order Confirmation with Invoice & Packing List.Pdf.exe
Size: 559KB
MD5: 91395b2b8907c3d08e2d6b4da9931a9c
SHA1: 801c292d0673c8ec990fa9dab1ebaae122dbc552
SHA256: 387508d9f7c0d79b09bde31b037d1c43ceb1ce799a0cc94a77a20226477b47f7
SHA512: 0d95e0a195c1707c37cfecbe9d241f80935f25f1c8073eaa510c3ddd95c3deecd2e85f9ca5bb9387238935c78b29f164261da22e933aa2d65ccde1c7b3ea89eb
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext