General
Target: bank swift scan pdf....daa
Size: 254KB
Sample: 210927-fd5s9affen
MD5: e80f93039db4d384585f617edd6c0ad9
SHA1: 313e4837fc987ab9bfc94c097b9e1cb8cdf2bbd0
SHA256: d78c836b04c545ba988741e695408016f8ec243f4eab09893b5b1b790bd62067
SHA512: 6209e3391cdd7e0d03f603291e582d7e8f9b509ef4d07a255b112965dae6eec737a8e4cbc894d0ecfb8df6669a623f32337eb7b63134d188605c8a6ed7ade986
Static task: static1
Behavioral task: behavioral1
Sample: bank swift scan pdf....exe
Resource: win7v20210408
Malware Config
Extracted
Family: xloader
Version: 2.4
Campaign: di4c
C2: http://www.dropadsmedia.com/di4c/
Decoy domains:
oscd.store
simplyminiatures.com
famouslovebackbaba.com
turkesteronesupplement.com
most-attractive.com
le-thermoplongeur.com
joydeb.xyz
incomepanther.com
infoterkiinii.xyz
indigocard.website
plasthecnolgy.com
canmamap.com
aviationtrainingworldusa.com
successoffplan.com
desert-breeze.com
nilavarna.com
stanthonyswelfare.com
shezefy.com
shcq08.xyz
spencerpauley.com
breakfastatbrittanys.com
workspace-mex.com
litteratorum.com
illstitute.com
framed-speed.com
buyandsellwithalec.com
xwdnawbx.xyz
mickyyoung.com
bandiu.xyz
planft.store
imaginalworks.com
lid-gb.xyz
ahgongs.com
carrirbuilder.com
neuro-ai-web-online.club
booparade.com
sketchfujitah.online
bayboatnation.com
ink2words.com
modernsolarusa.com
camuci.com
dentonlifetimedentistry.com
1ajpwvkk.icu
hangcheng56.com
suvenifa.com
spacetech-sa.com
emotionevents.xyz
momskitchenassam.com
imyandme.com
premiercattledrenches.com
procard.one
quiestcevin.com
blastofftv.xyz
live2leadinfo.com
jaalifetrx.space
weste-store.store
liquidmelon.restaurant
gjz863.icu
prince-info.com
islandsingle.com
shelazofficial.com
awhjguduahjfsd.com
notariuspublicus24.com
navneetsharma.xyz
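The extracted config is only useful if it is read correctly: the single URL is the C2 the extractor recovered, and the long domain list is the family's decoy set, mostly unrelated third-party sites that the sample contacts alongside the real server. Dropping the whole list into a block list causes false positives; what separates a beacon from ordinary browsing to one of those sites is the campaign ID used as the URI directory, which the report's C2 URL shows as /di4c/. The script below is an added example, not part of the sandbox report: it parses the flat config block above (only the first four decoys are kept, for brevity), then classifies constructed proxy-log lines (format, client addresses and timestamps are all made up here) by how strongly they match the config.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Config block copied from the report, in its flat layout; decoy list truncated.
CONFIG_TEXT = """\
xloader
2.4
di4c
http://www.dropadsmedia.com/di4c/
oscd.store
simplyminiatures.com
famouslovebackbaba.com
turkesteronesupplement.com
"""


@dataclass
class XloaderConfig:
    family: str
    version: str
    campaign: str
    c2: str
    decoys: list[str] = field(default_factory=list)

    @property
    def c2_host(self) -> str:
        return urlsplit(self.c2).hostname or ""


def parse_config(text: str) -> XloaderConfig:
    """Parse 'family / version / campaign / C2 URL / decoy...' (one item per line)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 4:
        raise ValueError("config block too short: need family, version, campaign, C2")
    family, version, campaign, c2, *decoys = lines
    return XloaderConfig(family, version, campaign, c2, decoys)


def host_matches(host: str, indicator: str) -> bool:
    """Exact or subdomain match, so www.oscd.store matches the indicator oscd.store."""
    host, indicator = host.lower().rstrip("."), indicator.lower().rstrip(".")
    return host == indicator or host.endswith("." + indicator)


# Constructed proxy-log lines (not from the report): "<ts> <client> <method> <url> <status>".
LOG_LINES = [
    "2021-09-27T14:03:11Z 10.0.0.12 GET http://www.dropadsmedia.com/di4c/ 404",
    "2021-09-27T14:03:12Z 10.0.0.12 GET http://www.oscd.store/di4c/ 200",
    "2021-09-27T14:03:13Z 10.0.0.12 POST http://simplyminiatures.com/di4c/ 200",
    "2021-09-27T14:05:40Z 10.0.0.30 GET https://www.simplyminiatures.com/shop 200",
    "2021-09-27T14:06:02Z 10.0.0.31 GET https://www.example.com/ 200",
]

LOG_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) (\d{3})$")


def classify(line: str, cfg: XloaderConfig):
    """Return (client, host, severity, reason) for a matching line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    _ts, client, _method, url, _status = m.groups()
    parts = urlsplit(url)
    host = parts.hostname or ""
    campaign_path = parts.path.startswith(f"/{cfg.campaign}/")
    if host_matches(host, cfg.c2_host):
        # The recovered C2 itself: act on it regardless of path or status code.
        return (client, host, "high", "confirmed C2 from extracted config")
    if any(host_matches(host, d) for d in cfg.decoys):
        if campaign_path:
            # Decoy domain hit with the campaign directory: beacon pattern, not browsing.
            return (client, host, "medium", "decoy domain with campaign path")
        # Decoy domain without the campaign path: most likely legitimate traffic.
        return (client, host, "low", "decoy domain only; likely legitimate")
    return None


def scan(lines, cfg: XloaderConfig):
    """Classify every line and keep only the hits."""
    return [hit for hit in (classify(ln, cfg) for ln in lines) if hit]


if __name__ == "__main__":
    config = parse_config(CONFIG_TEXT)
    for client, host, severity, reason in scan(LOG_LINES, config):
        print(f"{severity:6} {client:10} {host:28} {reason}")
```

In practice the "medium" tier is what you pivot on: a client that hits several decoy domains with the campaign path within a few seconds is running the sample, even if the real C2 never answered (note the 404 on the first line; the Suricata check-in signatures further down fire on the request, not on a successful response).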
Targets
Target: bank swift scan pdf....exe
Size: 323KB
MD5: 6308a0ee4b50deb37f6f6a6205d5b2d6
SHA1: 0a0f239995f1be45263bc2c96440cfd3dd751cc9
SHA256: f3296e298b22250cb64e01c5e737c924410ea4489867b61758a5e0906f3d1161
SHA512: 96dc213ec553ac61eeda230e74515443f9a7d708f73a6bfa4bf02b33ef7519a41f584ceb6c1db903dd8e0237444f19d33c0e513f785fbfeb5c0a822c2f3d78cc
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
Xloader Payload
Executes dropped EXE
Deletes itself
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext