General
-
Target
Comanda, factura proforma.zip
-
Size
353KB
-
Sample
211124-ln62yscchl
-
MD5
26c8d2ce44781a6b6fd80d2e2cf4ea16
-
SHA1
ee33f402325fb2697ad95f96bbd01f184d5109bb
-
SHA256
ea828f4b77fa4128a394d3c81be7d569736c07ddaa4e5243a1a2669522bcc552
-
SHA512
b3145290223e5033b14984da2d6691f7681d75b84a14189f5903f18e40f01bec78c0e46dc578cb47251f9a19a1e10006fadb222c798f16ea02b97c797532502c
Static task
static1
Behavioral task
behavioral1
Sample
Comanda, factura proforma.exe
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
Comanda, factura proforma.exe
Resource
win10-en-20211014
Malware Config
Extracted
xloader
2.5
pvxz
http://www.finetipster.com/pvxz/
imt-token.club
abravewayocen.online
shcloudcar.com
mshoppingworld.online
ncgf08.xyz
stuinfo.xyz
wesavetheplanetofficial.com
tourbox.xyz
believeinyourselftraining.com
jsboyat.com
aaeconomy.info
9etmorea.info
purosepeti7.com
goticketly.com
pinkmemorypt.com
mylifewellnesscentre.com
iridina.online
petrestore.online
neema.xyz
novelfooditalia.com
enterprisedaas.computer
tzkaxh.com
brainfarter.com
youniquegal.com
piiqrio.com
mdaszb.com
boldmale.com
era636.com
castleinsuranceco.com
woodennickelmusicfortwayne.com
customer-servis-kredivo.com
high-clicks.com
greetwithgadgets.com
hfsd1.com
insureagainstearthquakes.net
ultimatejump.rest
parivartanyogeshstore.com
handmanagementblog.com
meishangtianhua.com
michaelscottinsurance.net
kershoes.com
atomiccharmworks.com
conciergecompare.com
zeal-hashima.com
coachianscott.com
hwkm.net
019skz.xyz
jardingenesis.com
sumikkoremon.com
tjpengyun.com
sectionpor.xyz
46t.xyz
sa-pontianak.com
localproperty.team
dotexposed.com
cis136-tgarza.com
eiestilo.com
youknowhowtolive.com
phalcosnusa.com
qaticv93iy.com
hbjngs.com
ocean-nettoyage.com
jenuwinclothes.net
anadoluatvoffroad.com
Targets
-
-
Target
Comanda, factura proforma.exe
-
Size
714KB
-
MD5
d0374233b4f0b5872d99e4f91d7ef727
-
SHA1
36d3f48474f4ae50efe5108cdbeff33f621b33c1
-
SHA256
640632c9b58708ac0a556ebcbe773fbf391caf17ceac6e444b66679cc89bacbf
-
SHA512
009335b8f789ab5428d6797f04a1dfd33da8fcfeb87ed179de549d00a6c8e2047232240fcbd89d0ca1f20c5024c0311708d68c7732019049c16727bcaa7627fc
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-