General
Target: Potvrda narudzbe je u prilogu.zip
Size: 334KB
Sample: 211101-mzj71aeecl
MD5: c8fe1528b1524b2789ff6482624da54a
SHA1: 67e619bca57b42b817ef3fb80c2a63239ad6b4de
SHA256: 4aca8fe05d6567bfe4e3894af716cbc2ca284236e810f79a27d558a22063277f
SHA512: f3ecb16b422f69f55183ca81789da8880dcf7c8ed812cd5695b61376db04ab8c1de606e0c1fb22358b5ddbdf3fdb3f11b246e61f7898360409044a53e7d8632f
Static task: static1
Behavioral task: behavioral1
Sample: Potvrda narudzbe je u prilogu.exe
Resource: win7-en-20210920
Malware Config (extracted)
Family: xloader
Version: 2.5
Campaign: pvxz
C2: http://www.finetipster.com/pvxz/
Targets
Target: Potvrda narudzbe je u prilogu.exe
Size: 982KB
MD5: e006d13431ff3ec6986d5185b804fd3e
SHA1: d5e25d367747a17de28c39595f3ef90bce714ef5
SHA256: 42df3a16fea8171aa66fc7856671ef94f20245a3bd98787a7070ee8b690430d2
SHA512: d96f7784e602e185f77b06302e0561d6e2d54e783b83cd0fbbd67ddc5ce17657430cd66dc25ad242d942ed1a09ba7ab3dcf2a9d96c963c74444fdd7c6783aa86
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Adds Run key to start application
Suspicious use of SetThreadContext