General
Target: Order confirmation 49506.PDF.iso
Size: 526KB
Sample: 210924-lelpnageck
MD5: de0448c16540c8ec55e6af25078fbac8
SHA1: 9865ac66e1ffab8324394b030b107f9e863c3fb1
SHA256: 51cfb97e6e1e19e8a0c068bd0d3ef9710777718cb9048944cccdebdc4bd3f951
SHA512: 10f20815961d24fc6b1d4203ba05b60e6037d36453a69e2c4019f424c370a00a9e81f87a52da788af718e8cbd31d5a60f9a98dfdf272862aef10d4e2952c5144
Static task: static1
Behavioral task: behavioral1
Sample: Order confirmation 49506.PDF.exe
Resource: win7v20210408
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: ny9y
C2: http://www.caddomain.com/ny9y/
Decoy domains:
prelovedboutiqe.com
zhantool.com
grypeguidgorge.com
aa6588.com
privateerspacecompany.space
phil-goodman.com
jckabogados.com
familybeautifull.com
probinns.com
angelika-fritz.online
mygeeb.com
481344.com
freesoft.pro
extracter.store
fasxpay.com
hnjxcd.com
wfot2002.com
worldexecutor.com
tongxintachangjia.com
zachtippit.com
press-fitness.com
thequantblockchain.com
chiseiko.com
syedaakanwal.online
awsumm.one
fdmetaverse.com
wakanet-shop.com
bratliebe.info
onlinegiftcards.xyz
clutchhealthperformance.com
woodcarveddoors.com
midatlanticbathremodel.com
1stwill.com
pandacoffeebrand.com
alternativeformicroplastics.com
e9gift.com
zefibar.com
cashyatra.com
thoracicsurgeondebate.com
littlebluestemcupcakes.com
jmarketinggroup.com
masterbook365.com
thetutorisin.com
eletro-laser.com
serpenttrading.com
honeymaroc.com
olinia.xyz
ils.network
laexpodreams.com
4ohmtf.info
iphone13.onl
rjforsec.com
nathanrundle.com
lepetiteimport.com
ggsp3.xyz
darkxfreegiveway.com
micomunidadcenter.com
deepscan3d.com
acaadjkhdakjkdh.xyz
c2batlrjmk56txloreu3241.com
digitalsuccess.life
xerochargeusa.com
smartlifeformulation.net
buywithagents.com
Targets
Target: Order confirmation 49506.PDF.exe
Size: 465KB
MD5: a88e3833ee5ccb2434ee90aa645a8894
SHA1: b6e78de80bbdc7748dfcbea47bc43593b587b075
SHA256: 4dfab25d3ccff9a33396c252590c27c57f23f9a94b11ebd9834b23981b0908e6
SHA512: becf2614d5196c2b43f74c94f76cc0e9e21ffc75edd8a3ec8057a01ed9e8cfce755590228174692e4935861406627f7048fcf0294007b62148c5ece9f065af77
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext