General
Target: Jayaswal Neco Industries - Products List & document.rar
Size: 1.0MB
Sample: 211208-mas4lshegn
MD5: 18ddca4387fe50fafa86c18a2ab67be6
SHA1: 769bddbab8e6e3d65ee6999d13b6bedd54ae383c
SHA256: 5a19f9f6d88cd86681edee1bbcb3f5ade2237d38ccac3e401eeb820918130823
SHA512: 07378251785d697e36028d8287da87161af99cabceb3b89367cafde5c2623c7d6d5c73378d2151314125df393e7615c672454973aaaeea66955b7d8423ecf7d2
Static task: static1
Behavioral task: behavioral1
Sample: Jayaswal Neco Industries - Products List & document.exe
Resource: win7-en-20211104
Malware Config
Extracted
xloader
2.5
46uq
http://www.liberia-infos.net/46uq/
Targets
Target: Jayaswal Neco Industries - Products List & document.exe
Size: 1.2MB
MD5: f3d120960ee7052af731cebcfc3b4d99
SHA1: 16ae70774e448cbb368838c89feb4c173955ecc9
SHA256: d176de3884899e94f7c82f1ad0b21e9f305d3d5d7d753cc701a880e01d692cad
SHA512: de5014a7fed0ab9d860bd53e8606010e00c519cf73574bee6186e13a9d9f657747a590ec7486ae5b6bc1765d76a123704e280dfcb99f8f621d5dae6cda9355df
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Suspicious use of SetThreadContext