General
-
Target
Overdue Statement of Account.exe
-
Size
418KB
-
Sample
211020-ynnltsadgm
-
MD5
862838f5e798c19a2c222994789b5b73
-
SHA1
7dce91828df96ad8a6dae4fa1415dbf6755cb143
-
SHA256
a2067ce6f40be6dee1fa10c0155582a43e4b4d5b4bfe1fcf7f239332534b7109
-
SHA512
06b9d77e854045c88bc9440f0e3680930687319c4e0ba9cdf1271614d66b6d732dfd354c27ea847374c7cffde2a786810240888a19431e1ebe9707c2cc3671c2
Static task
static1
Behavioral task
behavioral1
Sample
Overdue Statement of Account.exe
Resource
win7-en-20211014
Malware Config
Extracted
xloader
2.5
naec
http://www.logternal.com/naec/
thugcephus.com
yelomasala.com
rowyprima.quest
besasin09.com
globerentalcar.com
super-dev-li.online
legendaparayoutube.com
sharj4030.online
freebiesandgiveaways.com
greenidge.bet
aligned.guide
limowatchshop.com
cqreb.com
justforlulu.xyz
sppn.info
mycaroutlet.store
lcrventures.com
ultimateapparelprints.online
katakorik.com
jfrecycling.com
plundergomrgg.xyz
cuchikymess.quest
supremeantivirus.com
aceidaho.net
xghnsw.com
harmanhvac.com
herseymagazamda.com
woaini.website
atastefromcalifornia.com
macintoshbooks.store
mappix.net
solarisawesome.com
hunterfineart.net
alendmaj.com
sjzdemao.com
griffin-auto-insurance.info
letitgrowtnpasumo3.xyz
williamkafeartistik.com
plastictraceability.com
pozhirateli.com
companyintel.guru
hammehafen.com
51omr.net
int-certgroup.com
takumistyle.net
abundanteyfeliz.com
csliangzhi.com
arrivalofthelightbeings.com
thentn.com
jameshankreprise.com
newspaper.works
foropatrioticoypopular.online
bynei.com
flavactivecomplex.com
algurgtba.net
appliancerepairhollywoodca.com
warmingdrapes.com
50gjm.xyz
bondnow.company
hustlerslouip.xyz
arizaservismerkez.com
scrjessica.com
thehomeinspo.com
electnotaryservice.com
Targets
-
-
Target
Overdue Statement of Account.exe
-
Size
418KB
-
MD5
862838f5e798c19a2c222994789b5b73
-
SHA1
7dce91828df96ad8a6dae4fa1415dbf6755cb143
-
SHA256
a2067ce6f40be6dee1fa10c0155582a43e4b4d5b4bfe1fcf7f239332534b7109
-
SHA512
06b9d77e854045c88bc9440f0e3680930687319c4e0ba9cdf1271614d66b6d732dfd354c27ea847374c7cffde2a786810240888a19431e1ebe9707c2cc3671c2
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-