General
Target: P. Order & Contract (A-4553) PDF.exe
Size: 388KB
Sample: 211021-f1ewcaagan
MD5: 2b7aa1c3ad41c61590c7e8788717f3a3
SHA1: b25e8d174baa57079f2886d76ccf45248269d5d3
SHA256: 4d9cbe2a33087ef1552af182cd03bbbe5bba8d01f5eb11c25c3eb3eb72008a7c
SHA512: 67939ee05ad3baf7115f46cc85fabcff97b65836dd7ef8eedbfa9b114adca3376152bf00db3bf4d47976287b1d0ba1ed1960f036043fab392e5784a637f30084
Static task: static1
Behavioral task: behavioral1
Sample: P. Order & Contract (A-4553) PDF.exe
Resource: win7-en-20210920
Malware Config
Extracted
xloader
2.5
r3n5
http://www.keeyasmarketplace.com/r3n5/
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext