General
- Target: Documents – Packing List Commercial Invoice
- Size: 18KB
- Sample: 211125-vf983sfhck
- MD5: a5b0056fd2f56303ba063e967644b85f
- SHA1: 33be2e3727a6e239185edc9deb0134a1a8e3bea1
- SHA256: c9d934e0fcb1ab001bc65247caad607d2510f451fc507a7e0773472c70bd15c6
- SHA512: dba809471f0bd68da03367c86d30656f85df5624d4d5270d7971b4ce55f3093cfd8551d44ac948600fef8ec9c91a87672989fd8d3b0762cae62a38370e8f463d
Static task: static1
Behavioral task: behavioral1
- Sample: Documents – Packing List Commercial Invoice.rtf
- Resource: win7-en-20211104
Behavioral task: behavioral2
- Sample: Documents – Packing List Commercial Invoice.rtf
- Resource: win10-en-20211014
Malware Config
Extracted
- Family: xloader
- Version: 2.5
- Campaign: rh6s
- C2: http://www.barkerfamilyenterprises.com/rh6s/
- Decoy domains:
  - plantzs.com
  - oasisphere.net
  - oprimaelnumerodos.com
  - youcansquarespace.com
  - smartaj7.xyz
  - pawes.top
  - dailytoyotatuson.com
  - moksel.com
  - flytt-gubbarna.com
  - xn--tecladoscon-ceb.com
  - boilingly.top
  - liabilitylimitresearch.com
  - dumkahaunt.com
  - butibori.com
  - guiadeafiliados.com
  - ponderingprofits.com
  - industrionaire.com
  - forum-solana.support
  - jinsei-tabi.com
  - everyonesconcretesolutions.com
  - afrikanabeachtarifa.com
  - cursorfast.club
  - escolaparaomundo.online
  - salemchurchmarketing.com
  - sagawaexpressdelivery.com
  - theflavorbibleapp.com
  - izicoin.net
  - 129qihu.com
  - viarossaproductions.com
  - senior-desire.art
  - marsalahami.biz
  - sumika.biz
  - brandianext.com
  - charitytick.com
  - lavidatarot.com
  - ranchoptician.com
  - marinasidecondos.com
  - dbhavin.xyz
  - hk-tommy.com
  - air-15.net
  - milihomeandaway.com
  - victorrialand.com
  - umdasch-lagereinrichtung.com
  - jingdongdh.xyz
  - thinkservicewithflair.net
  - eleanor-the-beetle.com
  - shataeva.com
  - lj-safe-keepingtoyof4.xyz
  - greenway-plumbing-solar.com
  - simplyabcbooks.com
  - popupae.com
  - mdrlab.com
  - whitestowncompplan.com
  - whats4lunch.today
  - mpgastronomy.com
  - sztunfeng.com
  - foodroutine.com
  - blootgirls.com
  - ariannathalis.com
  - momshousegeorgia.com
  - busy-clicks.com
  - azukinotane.com
  - demeways.com
  - soluciondigital.store
Targets
- Target: Documents – Packing List Commercial Invoice
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Xloader Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext