General
- Target: Invoice.exe
- Size: 376KB
- Sample: 211029-lwmnaahgfm
- MD5: d316b55036ed7571bf26849eb0ae463b
- SHA1: 9b9e1398a81f5692caaf168023311e78fba2b193
- SHA256: f82263cd92ff85163569edb0eae620d23858d5958bb88b5bb205e6660d1e8822
- SHA512: 4037268abc4c9a08d1c8cb2ac87ea239c4315999ef315fe08a2b1c9eac34163a318c9cbfdcb4a11477b0388527f0f15572325b6a9e75fb117765550e48e5ef56
Static task: static1
Behavioral task: behavioral1
- Sample: Invoice.exe
- Resource: win7-en-20210920
Malware Config
Extracted
- Family: xloader
- Version: 2.5
- ku75
- http://www.majesticgolftours.com/ku75/
Targets
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext