General
Target: HSBC TT Copy 101121.rar
Size: 244KB
Sample: 211116-ybyw2acbfr
MD5: 85d1b77e49b292efda384c4ca43836b9
SHA1: e4f9998c48220fea06cb1f372c68c2b3c56666b5
SHA256: ded8c07fb7142ba39946dd3aaac2ec104a19cd919f4e7a7eda7781db6e3816ee
SHA512: 9c66e2c19aeb8bd95732c87dd0fc73280cf9182a1810fe1b1e9c7504df5a86a3b04aaaa26b952d089c4ef78bcf190885e7179c854e978cff6f6d0a34d66c890e
Static task: static1
Behavioral task: behavioral1
Sample: REVISE 50% OCTA INVOICE.exe
Resource: win7-en-20211014
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: e8ia
C2: http://www.helpfromjames.com/e8ia/
Targets
Target: REVISE 50% OCTA INVOICE.exe
Size: 257KB
MD5: 093048c24b9994fef2130cd8457e7a4b
SHA1: f3c31eefe661b1febc80c0865af8f4fd1385ac7f
SHA256: 0e803b7715385244cae58772b5b0da43b7cca6a97c5ffd182081eca8676ff5d7
SHA512: e95142b25ae3078c642df183213ed06ccb0b5b65c4b25c3844803258d8b149c3570fdd00a25b539199f44ad10877c37139e430febe304ad6860511c379d4a2ba
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext