General
- Target: Shipping Documents.iso
- Size: 112KB
- Sample: 220126-zd6kbsabbk
- MD5: 704d9923d9b06b7be1d6eb2a311c450d
- SHA1: 54621df9d2bd24dda7028e51fd5f00c9f310aa94
- SHA256: 8d7e74f25af31e7367fa67a638e9efe741632fc9db0af6364f385238ed9d62f7
- SHA512: dac30e58f95b0a005affe9e0b88adac66eae8b208a563074151c8c07f093042ea29d27acc9db9bc26927b7e3c824a661f9dbec38590903185d69444fed3172b1
Static task: static1
Behavioral task: behavioral1
- Sample: Shipping Documents.exe
- Resource: win7-en-20211208
Malware Config
Extracted
- Family: xloader
- Version: 2.5
- Campaign: zqzw
Targets
- Target: Shipping Documents.exe
- Size: 50KB
- MD5: 9856b9dcbe55777dc78532fbb170ff64
- SHA1: 96f764731753aafd6682fe9f4adcca85b0b2244d
- SHA256: 63d8b5ed48256724991369af3d390fca0bba9afcc1d1dee674b6484632ed8ab5
- SHA512: 7ec1b57f9f79e831b58e5f5052f1619b8d3b1cc4c9fe787942a0f818315ab788d0814565732ce9636741d2c59584d9da2315af4347d675721f2e1daf2c8cebd0
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Suspicious use of SetThreadContext