General
Target: INVOICE.rar
Size: 567KB
Sample: 210924-scx38shcan
MD5: f870fae8399a83da4989cd2a4b3cecc7
SHA1: cdaa5c7b2864d3353b84c5e2a97790738b9bdd38
SHA256: c78323831bc77fefdeaa33bd70441e02d7c94f456290a3068f345baaf5fff6cc
SHA512: 4abb22e264f30db000f7ddf0eabb13d087af07d83eac0d1f34c0a0f43bd038d587632eae152fa5425b49161f93d7fc655a0a9b83a4f94d3fdadaec3cbd612c63
Static task: static1
Behavioral task: behavioral1
Sample: INVOICE.exe
Resource: win7-en-20210920
Malware Config
Extracted
xloader
2.5
m6rs
http://www.litediv.com/m6rs/
Targets
Target: INVOICE.exe
Size: 1.0MB
MD5: 3e0b369f71d263bd0918bfce2b1873c3
SHA1: 0919aa900e50b290cc90426537ec25a9c44496b0
SHA256: c10f872ac7d56c5c8d5151eb8d5c3aba275f83bd55700c0dc38776a04b275175
SHA512: 6c5cb90c5519dbaf90b2ca2183d6c48a1cd216eeb1eff02f16d1042cdde5955734c7ea52408e6ec907abb1a5e4c40eca40b9ed830a92315fad4660861e425c3f
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Executes dropped EXE
Deletes itself
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext