General

Target: LOGISTICS ARRIVAL NOTICE FREIGHT #20200927F.zip
Size: 305KB
Sample: 210927-nlw53sgfgj
MD5: 7cd6c6c0e28eba90b06bb2960cfd6e6b
SHA1: f627383e6683d89e11983bed3584c8e8e8e7f17e
SHA256: 335d34dcb2a548120db6c08c0e13eefbb8a38f6bd24b6dfa4edcd51c44f835c5
SHA512: fab266d84031329c763718c8af3d7748006a1ba704e0038810e63199eeb48f85bddb5da10a4f7262d1b2ddff9604bd0a557aa6e45815861106d7dc0c2b838c7f
Static task: static1
Behavioral task: behavioral1
Sample: Rfq# 52011.exe
Resource: win7v20210408
Malware Config

Extracted: xloader 2.4, h2m4
URL: http://www.kitap-deposu-pdf-mp3.site/h2m4/
Domains:
gallery85.net
ibitehebites.com
jaganalytics.com
fariquxivile.rest
lidaqj.com
sanfrancbd.com
gravityht.com
cv7es.com
webdevelopment.cloud
kickstartpal.com
restorefoundations.com
mswebinar.com
threemustdostagingtips.com
emerilforeverpansinfo.com
laboratoriogiosol.com
izy-cash.com
helios-eml.site
quasarenergy.global
shopfashionlab.com
unighostwriter.com
loftybrickellmiami.site
autiadigital.com
krutimpf.store
sptquizsb.info
uspatriotsagainstbiden.com
bandiu.xyz
vaxconfirmed.com
tonirs.com
ipsumedical.net
taksmb.icu
aabbccstore.website
tuasesorfinancieropersona.com
chocolatesthatinspire.com
jx-rcw.com
jeahery.com
btftoken.com
goodnessknowswhatscooking.com
exactlyjewelry.com
laniu254.xyz
noemimunoz.com
capitaone.info
ren.institute
free2b.xyz
ecoplasticmfg.com
losangelesfiresafety.com
princetonquantum.com
tembitys.com
glue-cms.com
f2wdf92.net
fpx859.icu
qinzhougulf.com
zsskbw.com
leverclever.xyz
kollectionbyb.com
aleksandernikolli.com
indoxdrakor.xyz
electricalcoveragefples.com
roofmenow.com
littledipr.com
florescentllc.com
yoapron.com
stpg.xyz
wrs123.com
synhawks.com
Targets

Target: Rfq# 52011.exe
Size: 330KB
MD5: d54903b43f7c4aa9400c9132e208f2cc
SHA1: 2b3f77c81586198e3cba92c8c1d59125327b3ca0
SHA256: 266c5eff1e53ab87738e2b4a516f4b519c272734537da3c9e5d92383537ec381
SHA512: e0ef1fc4e702ac30b39fb319e0a92987691ecbdd407564e932460ef8f80a7d5c985e2611d9fe0fea7cf18fa9431281b34dfdba2e932bdb0bb6d8124d854e827f

suricata: ET MALWARE FormBook CnC Checkin (GET)

- Xloader Payload
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext