General
Target: 声明__ の __ アカウント__ コピー __ ...pdf....zip (Japanese, roughly "Statement __ of __ account __ copy __ ...pdf....zip"; the ".pdf" in front of the real ".zip" extension is a double-extension lure)
Size: 346KB
Sample: 211025-eekzssgebj
MD5: 45d487062d3b7049db836bfe4a5c0d09
SHA1: 1c844e46894d41004292ac3330b777bc5705d707
SHA256: 9ed0b8ed78f9a77e00224c7b90f8e813d61bb2df4318ad7526c590f2743dc4cb
SHA512: 8564701a155c2d02cbdf3b94a9a1855a4f4b754119bde72f62fb51e70774c62a5ca71da4edced8b02f5ce0636b2399e94904908630ac487d91f479c81f8fbdd5
Static task: static1
Behavioral task: behavioral1
Sample: 声明__ の __ アカウント__ コピー __ ...pdf.....exe (the executable unpacked from the archive above, again named to pass as a PDF)
Resource: win7-en-20211014
Malware Config
Extracted family: xloader
Version: 2.5
Campaign ID: s86j (also used as the URI path on the C2)
C2 URL: http://www.emboldenlife.net/s86j/
Decoy domains (64; FormBook/XLoader sends requests to these alongside the real C2 so that the live server does not stand out in network logs):
getlumichargeserver.com
act-vitaalcoach.store
craftgeekz.com
monetflowerfarm.com
morakotislandrealty.com
onlineastrologeruk.com
evvpsml.com
hnbtc.net
auxiliacapitalpartnersllc.com
rdwoodworksstore.com
shulwinfitness.com
arterialhealthgrids.com
cryptork.biz
solomini-tech.com
porttownsendapartments.com
poprumor.com
assetsauctioneer.com
electronics2anyone.com
upskillpme.online
247fooddelivery.com
mceservicesnc.com
folge-meinempaket-de.com
saharaparkhurghada.com
flokitheshibainu.com
javcobra.com
hendrik-michels.com
pouyatec.com
vimaset.com
yourhockeyskates.com
nutri6si.com
sb019.com
green1994.com
gisellajewelry.com
nautical.store
babysneakersparis.com
seasonwiththereason.com
awonder.website
tamiltalks.com
klantbeheer.xyz
gangsishuawang.com
silverhavencap.com
pinksalt.care
456fuli.com
gabesfish.online
myveguiolcusbyopapp.com
sexwihmuslims.com
katiedraznin.com
sodavaranmali.com
rwcfrance2023tv.com
a2zroofingrepairs.com
safehousecamera.com
hinge.wtf
alphiver.com
corcentric-intl.com
moonenterprise.guru
cheburgent.com
elitecouriercs.com
raj56i.biz
incorporamovimiento.com
veritypedia.com
bamasaltwatercookbook.com
spdh04.xyz
thewayweseetheworld.info
ella.tech
Targets
Target: 声明__ の __ アカウント__ コピー __ ...pdf.....exe
Size: 395KB
MD5: b68d6bb055b0fb1367900eaee876dd20
SHA1: 46721ae469d81070727744a16f02d8c88144e99f
SHA256: b0fe839ee84678c067828ee5d5d48a30e2588c4a29fd9402609a335fe667c91d
SHA512: 890f7cf60b16ed5d7edb935fb5e2c4a4397751e67e01654d09022a45290fd7d46f24786be99af3bc99a9964458be757d82756c074cd07d032197c27cb00b6e9e
Signatures
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Adds policy Run key to start application (persistence through the Explorer Policies\Run registry key)
Executes dropped EXE
Deletes itself
Suspicious use of SetThreadContext (rewriting another process's thread context, the pattern used for process hollowing and thread hijacking)
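The following triage helper is an added example, not output of the sandbox or code from the malware authors. It turns the extracted config and the SHA-256 hashes on this page into detection logic: it labels outbound HTTP URLs as a real C2 check-in (C2 host plus the s86j campaign path the Suricata rule keys on), a bare C2-host contact, a decoy-domain contact, or unrelated, and runs that over a proxy log. It assumes the extracted URL is the live C2 and the other 64 hosts are the decoy list the family contacts alongside it; the proxy log format and every log line are constructed for the example.

```python
"""Triage helper built from the XLoader config and hashes in this report.

Added example, not sandbox output. Assumptions: the extracted URL is the live
C2 and the remaining 64 hosts are the decoy list the family contacts alongside
it; the proxy log format and its lines below are constructed.
"""
from __future__ import annotations

import hashlib
from urllib.parse import urlparse

# --- Indicators copied from this report -------------------------------------
C2_URL = "http://www.emboldenlife.net/s86j/"
CAMPAIGN_ID = "s86j"                  # also the first URI path segment on the C2
C2_HOST = urlparse(C2_URL).hostname   # 'www.emboldenlife.net'

# The 64 other hosts from the extracted config (treated here as decoys).
DECOY_DOMAINS = frozenset("""
getlumichargeserver.com act-vitaalcoach.store craftgeekz.com monetflowerfarm.com
morakotislandrealty.com onlineastrologeruk.com evvpsml.com hnbtc.net
auxiliacapitalpartnersllc.com rdwoodworksstore.com shulwinfitness.com
arterialhealthgrids.com cryptork.biz solomini-tech.com porttownsendapartments.com
poprumor.com assetsauctioneer.com electronics2anyone.com upskillpme.online
247fooddelivery.com mceservicesnc.com folge-meinempaket-de.com saharaparkhurghada.com
flokitheshibainu.com javcobra.com hendrik-michels.com pouyatec.com vimaset.com
yourhockeyskates.com nutri6si.com sb019.com green1994.com gisellajewelry.com
nautical.store babysneakersparis.com seasonwiththereason.com awonder.website
tamiltalks.com klantbeheer.xyz gangsishuawang.com silverhavencap.com pinksalt.care
456fuli.com gabesfish.online myveguiolcusbyopapp.com sexwihmuslims.com
katiedraznin.com sodavaranmali.com rwcfrance2023tv.com a2zroofingrepairs.com
safehousecamera.com hinge.wtf alphiver.com corcentric-intl.com moonenterprise.guru
cheburgent.com elitecouriercs.com raj56i.biz incorporamovimiento.com veritypedia.com
bamasaltwatercookbook.com spdh04.xyz thewayweseetheworld.info ella.tech
""".split())

# SHA-256 of the two artefacts listed on this page.
KNOWN_SHA256 = {
    "9ed0b8ed78f9a77e00224c7b90f8e813d61bb2df4318ad7526c590f2743dc4cb": "dropper archive (.zip)",
    "b0fe839ee84678c067828ee5d5d48a30e2588c4a29fd9402609a335fe667c91d": "XLoader payload (.exe)",
}


def classify_url(url: str) -> str:
    """Label one outbound HTTP URL against the extracted config.

    'c2-checkin'  C2 host and the path carries the campaign ID (what the
                  Suricata check-in rule fires on)
    'c2-host'     C2 host with some other path (still an indicator)
    'decoy'       one of the 64 decoy domains, or a subdomain of one
    'unrelated'   nothing from this config
    """
    p = urlparse(url)
    host = (p.hostname or "").lower().rstrip(".")
    if host == C2_HOST:
        return "c2-checkin" if p.path.startswith(f"/{CAMPAIGN_ID}/") else "c2-host"
    if host in DECOY_DOMAINS or any(host.endswith("." + d) for d in DECOY_DOMAINS):
        return "decoy"
    return "unrelated"


def identify_artifact(data: bytes) -> str | None:
    """Return the report's label for a blob whose SHA-256 matches, else None."""
    return KNOWN_SHA256.get(hashlib.sha256(data).hexdigest())


# Constructed proxy log, one "<timestamp> <source-ip> <method> <url>" per line.
SAMPLE_PROXY_LOG = """\
2021-10-25T09:14:02Z 10.0.0.23 GET http://www.emboldenlife.net/s86j/?dPe3=K8qz1Wfo
2021-10-25T09:14:03Z 10.0.0.23 GET http://www.craftgeekz.com/s86j/
2021-10-25T09:14:03Z 10.0.0.23 GET http://hnbtc.net/s86j/
2021-10-25T09:14:05Z 10.0.0.23 GET http://www.example.com/index.html
2021-10-25T09:20:11Z 10.0.0.41 POST http://www.emboldenlife.net/s86j/
"""


def triage(log_text: str) -> dict:
    """Count verdicts and collect the sources that touched the real C2.

    Decoy hits are counted but never mark a source on their own: the decoys are
    ordinary sites anyone might visit, which is exactly why the family uses them.
    """
    counts = {"c2-checkin": 0, "c2-host": 0, "decoy": 0, "unrelated": 0}
    c2_sources: set[str] = set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, src, _method, url = line.split(maxsplit=3)
        label = classify_url(url)
        counts[label] += 1
        if label.startswith("c2"):
            c2_sources.add(src)
    return {"counts": counts, "c2_sources": sorted(c2_sources)}


if __name__ == "__main__":
    print(triage(SAMPLE_PROXY_LOG))
```

Run as a script it prints the verdict counts and the two constructed sources that reached the C2; only C2-host contacts are escalated, because a block list built from all 65 hostnames in the config would produce alerts on benign browsing to the decoy sites.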