General
Target: Port_UETQYDYA_99381,pdf.exe
Size: 246KB
Sample: 211028-psv22agcgn
MD5: 6013bdae92b82faae5b32efadb39530f
SHA1: 6eec1e1ab9c075b3126987d49bf4540b37accb9f
SHA256: 1ea4325defe122660025640e56aa51f5f2b131ac032a50de3e2d9a0a66254920
SHA512: cbe047531effb3718c66aa298a39a5a67c18c8da2b661704938c3993bac7e50e0df4f082949e4ad79687e4d296c9b4d376ee189821ebd182047caec8342fc8ec
Static task: static1
Behavioral task: behavioral1
Sample: Port_UETQYDYA_99381,pdf.exe
Resource: win7-en-20210920
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign ID: dgt9
C2 URL: http://www.discountaquarium.com/dgt9/
Domains from the extracted config (treat every entry as an indicator alongside the C2 URL; the file name mimics a PDF with a ",pdf.exe" suffix, a common lure):
glimpse-media.com
crimsongomidv.xyz
seo-clicks6.com
cloudbreakhq.com
oakabbey.net
findcasinoslots.com
thehelloloveshop.com
havetsuczyli.quest
celestialtransportation.net
nianlun.wiki
valentinaturals.com
808gang.net
tykaa.com
sparoom.store
empregosbr1.online
visaractivateddprocessing.com
industriamadereraargentina.com
ekopressbrake.com
984561.com
oklahomacasinoreviews.com
weihao.online
ct5k.com
ncya14.xyz
drinkrhino.com
syrianwindow.com
dsj2015.com
income-icm.com
rdaubuisson.com
686281.com
crushanxiety.com
tetstore.com
api-23nnys.com
jizhibao.xyz
echosymbol.com
gftsets.com
tenlog066.xyz
syzhangyi.com
fortlewisapartment.com
flatironstreeservice.com
daomars.com
metaverse360.biz
suplena.top
rontestcfb29.com
christmaspyjamashop.com
lftreasures.com
datsdopedesign.com
recloud-inc.com
maloma4u.com
imagesetblues.paris
wantto.net
barco-group.com
ebonygirls.net
freenewgameonline.com
berryfreshcans.com
ez.money
maxicashprofgt.xyz
wilyardmarketing.com
sukien-membership-garana.com
andrewwoodrealty.com
efllubricants.com
wwwa526.com
khl0q.com
beijixing-zs.com
suwei8.com
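The indicators above can be put to work directly. The following is an added example, not part of the sandbox report or of any tool it names: a Python script that (a) checks a file's digests against the report's MD5/SHA1/SHA256 and (b) scans proxy-log lines for the C2 URL and the extracted domains, matching parent domains so that a subdomain of a listed host is still caught. It embeds only a subset of the domain list; the proxy-log format and the log lines are constructed for the example. Flagging the "/dgt9/" path on a host outside the list is an assumption drawn from the shape of the one C2 URL the report shows, not a claim the report makes.

```python
"""Added example: check a file against the report's hashes and scan a
proxy log for the extracted XLoader config. Not part of the sandbox report."""
import hashlib
import re
from urllib.parse import urlsplit

# Digests copied from the report above (lowercase hex).
REPORT_HASHES = {
    "md5": "6013bdae92b82faae5b32efadb39530f",
    "sha1": "6eec1e1ab9c075b3126987d49bf4540b37accb9f",
    "sha256": "1ea4325defe122660025640e56aa51f5f2b131ac032a50de3e2d9a0a66254920",
}

# C2 URL from the extracted config; "dgt9" is the campaign ID and also the
# URL path. Flagging that path on any other host is an assumption drawn from
# the single URL shape the report shows, not something the report states.
C2_URL = "http://www.discountaquarium.com/dgt9/"
CAMPAIGN_PATH = "/dgt9/"

# Subset of the domain list from the extracted config (the full list is on
# the page; extend this set with the rest for real use).
DOMAINS = {
    "www.discountaquarium.com",
    "glimpse-media.com",
    "crimsongomidv.xyz",
    "seo-clicks6.com",
    "cloudbreakhq.com",
    "oakabbey.net",
    "findcasinoslots.com",
    "thehelloloveshop.com",
    "suwei8.com",
}


def hash_bytes(data: bytes) -> dict:
    """Compute the three digests the report lists, as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes) -> bool:
    """True only if every digest of `data` equals the report's value."""
    return hash_bytes(data) == REPORT_HASHES


def host_is_indicator(host: str) -> bool:
    """Match the host itself or any parent domain (cdn.oakabbey.net ->
    oakabbey.net) against DOMAINS; a bare TLD never matches."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in DOMAINS for i in range(len(labels) - 1))


# Constructed log format for this example: "<timestamp> <client> <method> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def classify_url(url: str):
    """Return why a URL is an indicator ("c2_url", "config_domain",
    "campaign_path"), or None if it matches nothing."""
    if url.startswith(C2_URL):
        return "c2_url"
    parts = urlsplit(url)
    if host_is_indicator(parts.hostname or ""):
        return "config_domain"
    if parts.path == CAMPAIGN_PATH:
        return "campaign_path"  # assumption, see the comment on CAMPAIGN_PATH
    return None


def scan_proxy_log(lines):
    """Return (line_number, url, reason) for every line that hits an indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        reason = classify_url(m.group("url"))
        if reason:
            hits.append((n, m.group("url"), reason))
    return hits


# Constructed sample log lines (not real traffic).
LOG_LINES = [
    "2021-10-28T10:01:02Z 10.0.0.5 GET http://www.discountaquarium.com/dgt9/?id=1 200",
    "2021-10-28T10:01:03Z 10.0.0.5 POST http://glimpse-media.com/dgt9/ 404",
    "2021-10-28T10:01:04Z 10.0.0.7 GET http://www.example.com/index.html 200",
    "2021-10-28T10:01:05Z 10.0.0.9 GET http://cdn.oakabbey.net/img.png 200",
    "2021-10-28T10:01:06Z 10.0.0.9 GET http://unknown-host.test/dgt9/ 200",
]

if __name__ == "__main__":
    for n, url, reason in scan_proxy_log(LOG_LINES):
        print(f"line {n}: {reason}: {url}")
```

Run against the constructed lines, the scan flags the C2 URL, the listed domain, the subdomain of a listed domain, and the campaign path on an unlisted host; the benign example.com line is left alone. For a real file, pass its bytes to matches_report and require all three digests to agree, since a single matching MD5 is not enough to confirm identity.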
Targets
Target: Port_UETQYDYA_99381,pdf.exe, 246KB (the same file as under General)
Network alerts (Suricata):
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
The FormBook rule names are expected here: XLoader is the successor of FormBook and keeps its check-in traffic pattern, so FormBook signatures fire on XLoader samples.
Signatures:
Xloader Payload
Executes dropped EXE
Deletes itself (the original file removes itself after the payload is running)
Loads dropped DLL
Adds Run key to start application (registry persistence; check the Run keys of the affected user and machine)
Suspicious use of SetThreadContext (an API commonly used to redirect execution inside another process, as in process hollowing or thread hijacking)