General
-
Target
Shipping_Doc190dk0lwt837.exe
-
Size
249KB
-
Sample
211022-fvblqscael
-
MD5
2d0ac0a8f2d2aea1f05429585c1bdc4c
-
SHA1
3657594459b01c0c918e0deeaf3ad7f05a4efd90
-
SHA256
f1d7ead1ca0f3e39c12bf5b67bb35cfc745acf0f587c2d6ce45eb2904f44aaa7
-
SHA512
863b35e33b0b09aece9268c83ca3411180c23463a01e6b93744b978199c7fc386ecaddf0776588be59bcf41b46f4584e7405a17f1ee3cc64df602655036f92e7
Static task
static1
Behavioral task
behavioral1
Sample
Shipping_Doc190dk0lwt837.exe
Resource
win7-en-20211014
Malware Config
Extracted
xloader
2.5
u5eh
http://www.retonamoss.com/u5eh/
tryafaq.com
bobcathntshop.com
oglead.com
026skz.xyz
brasbux.com
adna17.com
noveltyrofjiy.xyz
realestatecompanys.com
leman-web.com
df5686.com
jonathonhawkins.com
juliedominyfloralartistry.com
classyeventsco.com
aquaticatt.com
iotworld.xyz
hoc8.com
disposablediapers.store
peregovorim.online
advancebits.club
getaburialplan.com
tiger-trails.com
dnbaba.com
492981.com
eclipse-electrical-euless.com
cassandracchase.com
healthrightmeds.club
permkray.club
tawazoun-dz.com
extrabladet.com
offmanage.com
peoplexplants.com
mumkungiyim.com
personal-email-office-mgt.com
bjmysa.com
hopshomes.com
cnj-power.com
trendproduct.tech
chauffeuredaustralia.online
176ssjp0033.xyz
52juns.com
rewriringcanada.com
seabourneboats.com
sevensummittrek.com
retalent.agency
lz4ios.cloud
mindandbodyalignment.com
bedrijfmail-trk.com
bashmoney.net
xc3654.com
infiteltech.com
sh-hywz.com
huataiqche.com
grannyh.com
devinwithani.com
kingstons.info
fakedocshyundaigiveaway.com
bigsyncmusic.info
predstavnuk.com
frontiervalley8.com
timdpr.com
smartgymadmin.com
brsgeniusschool.com
tuckertractorworks.com
espchange.com
Targets
-
-
Target
Shipping_Doc190dk0lwt837.exe
-
Size
249KB
-
MD5
2d0ac0a8f2d2aea1f05429585c1bdc4c
-
SHA1
3657594459b01c0c918e0deeaf3ad7f05a4efd90
-
SHA256
f1d7ead1ca0f3e39c12bf5b67bb35cfc745acf0f587c2d6ce45eb2904f44aaa7
-
SHA512
863b35e33b0b09aece9268c83ca3411180c23463a01e6b93744b978199c7fc386ecaddf0776588be59bcf41b46f4584e7405a17f1ee3cc64df602655036f92e7
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-