General
-
Target
Ordine allegato.exe
-
Size
907KB
-
Sample
210930-lc2yvshbhm
-
MD5
01c66819d65c1ef79104a2c1e3520e46
-
SHA1
0382eb0aec349646bd5065d03adad7bb8603c977
-
SHA256
d6dc7cd7605c5f0c4f4edb58a1662ea00f707e563a339bbcb294b01c44c1ace7
-
SHA512
b988afd50d0da87dcd0b3228841511cb31aa9f31536c8664c346268fc3fe858e36469b81e6ef81f68b121602076a0808c3092e4ad5b76f6ed65bb59f0544331c
Static task
static1
Behavioral task
behavioral1
Sample
Ordine allegato.exe
Resource
win7-en-20210920
Malware Config
Extracted
xloader
2.5
pvxz
http://www.finetipster.com/pvxz/
imt-token.club
abravewayocen.online
shcloudcar.com
mshoppingworld.online
ncgf08.xyz
stuinfo.xyz
wesavetheplanetofficial.com
tourbox.xyz
believeinyourselftraining.com
jsboyat.com
aaeconomy.info
9etmorea.info
purosepeti7.com
goticketly.com
pinkmemorypt.com
mylifewellnesscentre.com
iridina.online
petrestore.online
neema.xyz
novelfooditalia.com
enterprisedaas.computer
tzkaxh.com
brainfarter.com
youniquegal.com
piiqrio.com
mdaszb.com
boldmale.com
era636.com
castleinsuranceco.com
woodennickelmusicfortwayne.com
customer-servis-kredivo.com
high-clicks.com
greetwithgadgets.com
hfsd1.com
insureagainstearthquakes.net
ultimatejump.rest
parivartanyogeshstore.com
handmanagementblog.com
meishangtianhua.com
michaelscottinsurance.net
kershoes.com
atomiccharmworks.com
conciergecompare.com
zeal-hashima.com
coachianscott.com
hwkm.net
019skz.xyz
jardingenesis.com
sumikkoremon.com
tjpengyun.com
sectionpor.xyz
46t.xyz
sa-pontianak.com
localproperty.team
dotexposed.com
cis136-tgarza.com
eiestilo.com
youknowhowtolive.com
phalcosnusa.com
qaticv93iy.com
hbjngs.com
ocean-nettoyage.com
jenuwinclothes.net
anadoluatvoffroad.com
Targets
-
-
Target
Ordine allegato.exe
-
Size
907KB
-
MD5
01c66819d65c1ef79104a2c1e3520e46
-
SHA1
0382eb0aec349646bd5065d03adad7bb8603c977
-
SHA256
d6dc7cd7605c5f0c4f4edb58a1662ea00f707e563a339bbcb294b01c44c1ace7
-
SHA512
b988afd50d0da87dcd0b3228841511cb31aa9f31536c8664c346268fc3fe858e36469b81e6ef81f68b121602076a0808c3092e4ad5b76f6ed65bb59f0544331c
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Suspicious use of SetThreadContext
-