General
Target: Original Scan_Doc Ref 28538013241899233.rar
Size: 385KB
Sample: 210930-l4tfsshcep
MD5: 848194436babe28f7f5823878ea7be34
SHA1: 131e50b33679245360e22ea0e0cd24458db3b6fd
SHA256: eeae09d50e42da395681151c3de21e56aa732236cf7a8be2ef7cded10827eed2
SHA512: 2f30596a34bdbfb896953135fcc177c66c1fb1fcb8a208fe27e74d34f70716e627bd0dc85fbcc7abdf0e3f77eae9b385a7ec49579d9dfa6d0b50d35a04c9b006
Static task: static1
Behavioral task: behavioral1
Sample: Original Scan_Doc Ref 28538013241899233.exe
Resource: win7-en-20210920
Malware Config
Extracted
xloader
2.5
epns
http://www.lnvietnam.online/epns/
Targets
Target: Original Scan_Doc Ref 28538013241899233.exe
Size: 912KB
MD5: 6fb08a5130cdfc1ba7da0133a916733c
SHA1: 4c781c859da4a76de1e8c942b4d712c37fb8ca72
SHA256: 18421819d1c37b2be9b6ce90781a538e28f1238486a2f3d60ef682e0fb80f529
SHA512: 5572042fab4d2d8d88bb42745ffc33da8af5c9b763cbd8a8a2d50442b46db6b120a79f2cc7c47bbabf10aaff4a7de97251ea3f7148e2d8c1bf0ad90917cbf4fc
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Blocklisted process makes network request
- Adds Run key to start application
- Suspicious use of SetThreadContext