General
-
Target
Proforma.01102021.PDF.exe
-
Size
918KB
-
Sample
211102-hwkxxabhf4
-
MD5
af94940941c68cabed310c1664febd82
-
SHA1
eee9e33fb4fac7b2bdc36873c789d3701ba0b204
-
SHA256
fc791a24b4250988196f8c8b174d778e0ed1f4ea2a3c8601b25ab4431df56f08
-
SHA512
124d162fb2e6dc11c1d2555564da3a8e1a38a61b77b60b351e2d588fdb90af550c9d2717db750b2f4e9b1fca8365da595e46f770cba3ca870462aa20f77519e3
Static task
static1
Behavioral task
behavioral1
Sample
Proforma.01102021.PDF.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
Proforma.01102021.PDF.exe
Resource
win10-en-20211014
Malware Config
Extracted
xloader
2.5
pvxz
http://www.finetipster.com/pvxz/
imt-token.club
abravewayocen.online
shcloudcar.com
mshoppingworld.online
ncgf08.xyz
stuinfo.xyz
wesavetheplanetofficial.com
tourbox.xyz
believeinyourselftraining.com
jsboyat.com
aaeconomy.info
9etmorea.info
purosepeti7.com
goticketly.com
pinkmemorypt.com
mylifewellnesscentre.com
iridina.online
petrestore.online
neema.xyz
novelfooditalia.com
enterprisedaas.computer
tzkaxh.com
brainfarter.com
youniquegal.com
piiqrio.com
mdaszb.com
boldmale.com
era636.com
castleinsuranceco.com
woodennickelmusicfortwayne.com
customer-servis-kredivo.com
high-clicks.com
greetwithgadgets.com
hfsd1.com
insureagainstearthquakes.net
ultimatejump.rest
parivartanyogeshstore.com
handmanagementblog.com
meishangtianhua.com
michaelscottinsurance.net
kershoes.com
atomiccharmworks.com
conciergecompare.com
zeal-hashima.com
coachianscott.com
hwkm.net
019skz.xyz
jardingenesis.com
sumikkoremon.com
tjpengyun.com
sectionpor.xyz
46t.xyz
sa-pontianak.com
localproperty.team
dotexposed.com
cis136-tgarza.com
eiestilo.com
youknowhowtolive.com
phalcosnusa.com
qaticv93iy.com
hbjngs.com
ocean-nettoyage.com
jenuwinclothes.net
anadoluatvoffroad.com
Targets
-
-
Target
Proforma.01102021.PDF.exe
-
Size
918KB
-
MD5
af94940941c68cabed310c1664febd82
-
SHA1
eee9e33fb4fac7b2bdc36873c789d3701ba0b204
-
SHA256
fc791a24b4250988196f8c8b174d778e0ed1f4ea2a3c8601b25ab4431df56f08
-
SHA512
124d162fb2e6dc11c1d2555564da3a8e1a38a61b77b60b351e2d588fdb90af550c9d2717db750b2f4e9b1fca8365da595e46f770cba3ca870462aa20f77519e3
Score10/10-
Xloader Payload
-
Blocklisted process makes network request
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-