General
- Target: HSBC_2021-25-10-017822019.cab
- Size: 314KB
- Sample: 211025-kzv86aghak
- MD5: 40e22be12bfa46935f5d756dc7354c07
- SHA1: 34324613704e3a835873142865cbfb6d1dbf55d8
- SHA256: af331eef6acd7bc79ee5bf88aaea16d8fc137af936d02ae43b5d02fbc320a7f3
- SHA512: b073947c12994d38201311813c798370e478c74a8ce280d8609661f60768d13c0e57cb5dec28f6ebebc7ead088086d47ca317bc72e00926547e9ca9b9e82138d
Static task: static1
Behavioral task: behavioral1
- Sample: HSBC_2021-25-10-017822019.exe
- Resource: win7-en-20211014
Malware Config
Extracted
- Family: xloader
- Version: 2.5
- Campaign: ntfs
- C2: http://www.164661.com/ntfs/
- Domains:
cast-host.com
sheenwoman.com
cateringpairs.com
butikgamis.com
esd66.com
beautystaze.com
findavetnearme.com
lyketigers.com
nesboutiqe.com
jadeutil.com
survivalfresh.com
realestatebramlett.com
glorynap.com
awards.institute
huangtapps.com
beyondwithyou.com
cryptocustomerhelp.com
plataformasoma.net
lstpark.com
noalareelecionindefinida.com
supersconti.xyz
emotors-invoice.com
adamelsouk.com
pellondo.com
itstimewashington.com
ss9n.xyz
wecuxs.com
wonderfulwithyou.com
livetvnews24.com
humanblessings.com
soins-sophro.website
pailuanshizhi.com
balanzasdeplataformaperu.com
wingboxonline.com
importexportjessi.com
revenberggmemergencyupgrade.com
comicvan.com
docomoaj.xyz
accelerate6.com
englishforbreakfast.com
braapboxclub.com
damana-vetements.com
corinnewehby.com
tonesify.com
growversa.com
cemetrasbeautyboutique.com
newbalancecore.xyz
cqguipu.com
vdcasinolinkegit.club
sednayachts.com
alinatargetpro.com
pawcomart.com
aisle5.store
dayinburgas.com
c2batxpvme9ey3poams7369.com
everythingby-b.com
laliinparfumeri.com
ntwapedi.com
mrbubblesftlauderdale.com
averiansmom.com
ipelle.com
waiting-game.com
online-security.support
hartfortlife.com
Targets
- Target: HSBC_2021-25-10-017822019.exe
- Size: 331KB
- MD5: 21dc547b12a42d23141c3a6321518e83
- SHA1: 3f42a80a0ae6b917c0bc8486ea9b0b488e1619d2
- SHA256: 754ba27dca23858f64933493e0162b9745b93a6c87cd0868bfec0019c88ed4e0
- SHA512: 414ca9a23af8acf0e6158f596ead3af66bb8d7ce59f60820fa2f3a54a8df5f4977b8f3a5dfd48ec75eca195a7d2324394674bcbf221685ea01e89d942ffe2b1c
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext