General
Target: NEW ORDER RE PO88224.PDF.iso
Size: 526KB
Sample: 210924-len5sagecl
MD5: 01b2a64fff1fe10a32ec06541181f48f
SHA1: 815b96a425f107a2a064424cedbce5e4023df989
SHA256: 8eac1ee2c601de814b716a91238a115f7294ed39fa0c0bf69eeb318ac9792284
SHA512: 78c608ec720e8dc694625e605bc76e91a0d20482f9a687018de901efbd4fc0640291a89899e031b282df07565e78ef2f33c560cc61595fb85678d8f64307830a
Static task: static1
Behavioral task: behavioral1
Sample: NEW ORDER RE PO88224.PDF.exe (the executable extracted from the ISO)
Resource: win7v20210408
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign ID: ny9y
C2: http://www.caddomain.com/ny9y/
Decoy domains (the bot beacons to these alongside the real C2 so that the true server is harder to pick out of the traffic; note that the campaign ID is also the URI path of the C2 URL):
prelovedboutiqe.com
zhantool.com
grypeguidgorge.com
aa6588.com
privateerspacecompany.space
phil-goodman.com
jckabogados.com
familybeautifull.com
probinns.com
angelika-fritz.online
mygeeb.com
481344.com
freesoft.pro
extracter.store
fasxpay.com
hnjxcd.com
wfot2002.com
worldexecutor.com
tongxintachangjia.com
zachtippit.com
press-fitness.com
thequantblockchain.com
chiseiko.com
syedaakanwal.online
awsumm.one
fdmetaverse.com
wakanet-shop.com
bratliebe.info
onlinegiftcards.xyz
clutchhealthperformance.com
woodcarveddoors.com
midatlanticbathremodel.com
1stwill.com
pandacoffeebrand.com
alternativeformicroplastics.com
e9gift.com
zefibar.com
cashyatra.com
thoracicsurgeondebate.com
littlebluestemcupcakes.com
jmarketinggroup.com
masterbook365.com
thetutorisin.com
eletro-laser.com
serpenttrading.com
honeymaroc.com
olinia.xyz
ils.network
laexpodreams.com
4ohmtf.info
iphone13.onl
rjforsec.com
nathanrundle.com
lepetiteimport.com
ggsp3.xyz
darkxfreegiveway.com
micomunidadcenter.com
deepscan3d.com
acaadjkhdakjkdh.xyz
c2batlrjmk56txloreu3241.com
digitalsuccess.life
xerochargeusa.com
smartlifeformulation.net
buywithagents.com
Targets
Target: NEW ORDER RE PO88224.PDF.exe
Size: 465KB
MD5: a88e3833ee5ccb2434ee90aa645a8894
SHA1: b6e78de80bbdc7748dfcbea47bc43593b587b075
SHA256: 4dfab25d3ccff9a33396c252590c27c57f23f9a94b11ebd9834b23981b0908e6
SHA512: becf2614d5196c2b43f74c94f76cc0e9e21ffc75edd8a3ec8057a01ed9e8cfce755590228174692e4935861406627f7048fcf0294007b62148c5ece9f065af77
Network signatures (Suricata)
ET MALWARE FormBook CnC Checkin (GET) (listed twice in the report; the ET rules keep the FormBook name, Xloader being the rebranded continuation of that family)
Behavioral signatures
Xloader Payload
Deletes itself (the sample removes its own executable after running)
Suspicious use of SetThreadContext (the API a process-hollowing injector uses to point a suspended thread at its injected code)
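The config above is only useful once it is turned into something that can be run over traffic and mail attachments. The following is an added example, not part of the sandbox report and not the sandbox's own tooling: it carries the extracted C2 URL, campaign ID and decoy list as constants, classifies requested URLs as real C2, decoy or unrelated, runs that over a few constructed proxy-log lines, and flags the double-extension lure name used by both the ISO and the inner executable. Two things are assumptions rather than facts from the report: that the bot requests the same /<campaign>/ path on each decoy it contacts (so host plus path identify the beacon), and the proxy-log layout and query strings in the sample lines, which are made up.

```python
import re
from urllib.parse import urlsplit

# Values copied from the extracted Xloader config in the report above.
C2_URL = "http://www.caddomain.com/ny9y/"
CAMPAIGN_ID = "ny9y"
DECOY_DOMAINS = """
prelovedboutiqe.com zhantool.com grypeguidgorge.com aa6588.com privateerspacecompany.space
phil-goodman.com jckabogados.com familybeautifull.com probinns.com angelika-fritz.online
mygeeb.com 481344.com freesoft.pro extracter.store fasxpay.com hnjxcd.com wfot2002.com
worldexecutor.com tongxintachangjia.com zachtippit.com press-fitness.com
thequantblockchain.com chiseiko.com syedaakanwal.online awsumm.one fdmetaverse.com
wakanet-shop.com bratliebe.info onlinegiftcards.xyz clutchhealthperformance.com
woodcarveddoors.com midatlanticbathremodel.com 1stwill.com pandacoffeebrand.com
alternativeformicroplastics.com e9gift.com zefibar.com cashyatra.com
thoracicsurgeondebate.com littlebluestemcupcakes.com jmarketinggroup.com
masterbook365.com thetutorisin.com eletro-laser.com serpenttrading.com honeymaroc.com
olinia.xyz ils.network laexpodreams.com 4ohmtf.info iphone13.onl rjforsec.com
nathanrundle.com lepetiteimport.com ggsp3.xyz darkxfreegiveway.com micomunidadcenter.com
deepscan3d.com acaadjkhdakjkdh.xyz c2batlrjmk56txloreu3241.com digitalsuccess.life
xerochargeusa.com smartlifeformulation.net buywithagents.com
""".split()

C2_HOST = urlsplit(C2_URL).hostname
DECOY_SET = frozenset(DECOY_DOMAINS)


def classify_request(url):
    """Classify one requested URL against the extracted config.

    Returns "c2" for the real server, "decoy" for a listed decoy domain hit on
    the campaign path, or None. Assumption (not stated in the report): the bot
    requests the same /<campaign>/ path on every decoy, so host + path together
    identify the beacon; a listed host on any other path is left alone.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    if not parts.path.startswith(f"/{CAMPAIGN_ID}/"):
        return None
    if host == C2_HOST:
        return "c2"
    if host in DECOY_SET:
        return "decoy"
    return None


# Constructed proxy-log layout: "<timestamp> <client-ip> <method> <url> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def scan_proxy_log(lines):
    """Return (client, method, verdict, url) for every request that hits the
    campaign path on the C2 or a decoy, in log order. Lines that do not parse
    are skipped rather than raising, so one malformed line cannot stop a hunt."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        verdict = classify_request(m["url"])
        if verdict is not None:
            hits.append((m["client"], m["method"], verdict, m["url"]))
    return hits


# Extension sets are an assumption chosen for this example, not from the report.
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "rtf", "txt"}
RUNNABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "iso", "img"}


def is_double_extension_lure(filename):
    """True for names like 'NEW ORDER RE PO88224.PDF.exe' or '.PDF.iso', where a
    document extension sits directly in front of an executable or disk-image one."""
    parts = filename.lower().rsplit(".", 2)
    if len(parts) != 3:
        return False
    return parts[1] in DOCUMENT_EXTS and parts[2] in RUNNABLE_EXTS


# Constructed sample log lines (not from the report); the query strings are made up.
SAMPLE_LOG = [
    "2021-09-24T10:01:02Z 10.0.0.5 GET http://www.caddomain.com/ny9y/?yd=Zm9v 200",
    "2021-09-24T10:01:05Z 10.0.0.5 GET http://zhantool.com/ny9y/?yd=Zm9v 404",
    "2021-09-24T10:01:09Z 10.0.0.5 GET http://zhantool.com/ 200",
    "2021-09-24T10:02:00Z 10.0.0.7 GET http://example.invalid/ny9y/ 200",
    "2021-09-24T10:02:30Z 10.0.0.5 POST http://www.caddomain.com/ny9y/ 200",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(*hit)
    for name in ("NEW ORDER RE PO88224.PDF.iso", "NEW ORDER RE PO88224.PDF.exe", "PO88224.pdf"):
        print(name, "->", "lure" if is_double_extension_lure(name) else "ok")
```

The host-plus-path match is deliberately strict: a request to an unlisted host on /ny9y/ (the fourth sample line) is not flagged, because the campaign path alone is a weak indicator, but it is a reasonable pivot for a wider hunt once the first hit on 10.0.0.5 is confirmed. Decoy hits matter too: they come from the same infected host and usually arrive seconds apart from the real beacon, so grouping hits by client is more telling than any single line.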