General
-
Target
LISTA NABAVKE U PRILOGU_1.zip
-
Size
428KB
-
Sample
220121-sf6vjsabgl
-
MD5
63fa230a35159e6ade271833711da9df
-
SHA1
82764ce074f8fd623faf65eb0ad602766b7c9a54
-
SHA256
caf4d979c0c8b74dfcc6978be14adf4007f62ec3c7a8dfeaaf3b2b39d18bb09c
-
SHA512
4ea7eb635ffff9072aef18e0154004690ac9043f6f5733309841f255ca9bca5c01bec98332e66a4bacf80ea0b3decace3083a71d9065c951643bbf7659f6b87e
Static task
static1
Behavioral task
behavioral1
Sample
LISTA NABAVKE U PRILOGU.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
LISTA NABAVKE U PRILOGU.exe
Resource
win10-en-20211208
Malware Config
Extracted
xloader
2.5
pvxz
imt-token.club
abravewayocen.online
shcloudcar.com
mshoppingworld.online
ncgf08.xyz
stuinfo.xyz
wesavetheplanetofficial.com
tourbox.xyz
believeinyourselftraining.com
jsboyat.com
aaeconomy.info
9etmorea.info
purosepeti7.com
goticketly.com
pinkmemorypt.com
mylifewellnesscentre.com
iridina.online
petrestore.online
neema.xyz
novelfooditalia.com
enterprisedaas.computer
tzkaxh.com
brainfarter.com
youniquegal.com
piiqrio.com
mdaszb.com
boldmale.com
era636.com
castleinsuranceco.com
woodennickelmusicfortwayne.com
customer-servis-kredivo.com
high-clicks.com
greetwithgadgets.com
hfsd1.com
insureagainstearthquakes.net
ultimatejump.rest
parivartanyogeshstore.com
handmanagementblog.com
meishangtianhua.com
michaelscottinsurance.net
kershoes.com
atomiccharmworks.com
conciergecompare.com
zeal-hashima.com
coachianscott.com
hwkm.net
019skz.xyz
jardingenesis.com
sumikkoremon.com
tjpengyun.com
sectionpor.xyz
46t.xyz
sa-pontianak.com
localproperty.team
dotexposed.com
cis136-tgarza.com
eiestilo.com
youknowhowtolive.com
phalcosnusa.com
qaticv93iy.com
hbjngs.com
ocean-nettoyage.com
jenuwinclothes.net
anadoluatvoffroad.com
finetipster.com
Targets
-
-
Target
LISTA NABAVKE U PRILOGU.exe
-
Size
928KB
-
MD5
64cab4c420d6a95c20fd1b555b26ca1c
-
SHA1
2cb3c433ab77a7fb401a79bec85f85eece2b629d
-
SHA256
a91efb27b4a33714947ab40259c7e937cb56dade212c1554cd303eed72382f7c
-
SHA512
2617cf19987f9aac4470825e7560e0de5cba0b6b606eab1bcd6794faccab9710de2a855f0411e80cd75c2f108b2ca06cbac7a134841cabd1670b462efbffd37f
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-