General
- Target: remittance advice_001001098.exe
- Size: 331KB
- Sample: 211126-ppg11acccn
- MD5: 7877a7074c688baf439f7ec1ab150682
- SHA1: 6c2539fb927b57388866f1c072cdf681b585fb2a
- SHA256: 08ade6bd3efcd20c80defdde936ef1329713af42d28889ffb69ba26b321a297f
- SHA512: 6e5dff775fe478634fc3553b0bed3e9e9fda7a956cc17743f2b1b27e06256008ba7bc229d55a409cb710f078c97b70bb709c764b9fc144c0700d77dab6f83402
Static task: static1
Behavioral task: behavioral1
- Sample: remittance advice_001001098.exe
- Resource: win7-en-20211104
Malware Config
Extracted
xloader
2.5
e8ia
http://www.helpfromjames.com/e8ia/
le-hameau-enchanteur.com
quantumsystem-au.club
engravedeeply.com
yesrecompensas.lat
cavallitowerofficials.com
800seaspray.com
skifun-jetski.com
thouartafoot.com
nft2dollar.com
petrestore.online
cjcutthecord2.com
tippimccullough.com
gadget198.xyz
djmiriam.com
bitbasepay.com
cukierniawz.com
mcclureic.xyz
inthekitchenshakinandbakin.com
busy-clicks.com
melaniemorris.online
elysiangp.com
7bkj.com
wakeanddraw.com
ascalar.com
iteraxon.com
henleygirlscricket.com
torresflooringdecorllc.com
helgquieta.quest
xesteem.com
graffity-aws.com
bolerparts.com
andriylysenko.com
bestinvest-4-you.com
frelsicycling.com
airductcleaningindianapolis.net
nlproperties.net
alkoora.xyz
sakiyaman.com
wwwsmyrnaschooldistrict.com
unitedsafetyassociation.com
fiveallianceapparel.com
edgelordkids.com
herhauling.com
intelldat.com
weprepareamerica-planet.com
webartsolution.net
yiquge.com
marraasociados.com
dentalimplantnearyou-ca.space
linemanbible.com
dunamisdispatchservicellc.com
latamoperationalinstitute.com
stpaulsschoolbagidora.com
groupninemed.com
solar-tribe.com
footairdz.com
blttsperma.quest
xfeuio.xyz
sahodyafbdchapter.com
0934800.com
dandftrading.com
gladway.net
mineriasinmercurio.com
inaampm.com
Targets
- Target: remittance advice_001001098.exe
- Size: 331KB
- MD5: 7877a7074c688baf439f7ec1ab150682
- SHA1: 6c2539fb927b57388866f1c072cdf681b585fb2a
- SHA256: 08ade6bd3efcd20c80defdde936ef1329713af42d28889ffb69ba26b321a297f
- SHA512: 6e5dff775fe478634fc3553b0bed3e9e9fda7a956cc17743f2b1b27e06256008ba7bc229d55a409cb710f078c97b70bb709c764b9fc144c0700d77dab6f83402
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Blocklisted process makes network request
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext