General
Target: Bank swift copy.PDF.zip
Size: 330KB
Sample: 220127-necg4abfak
MD5: 787d97479b35c20a2e809d5f0970f640
SHA1: 170f0e95c1bab4fd427eaca7b618a813d121fb03
SHA256: 768d8411966bf85edb29b2cfad164eb89e82b929405bb061cd19ffd71b6304f8
SHA512: f8267b022f2da949d42917f70139824a52cbb4f464fab1f45684817037775ab4c68d5a5b3bfb15cb4461cfe5eef23154e328b3950d924b34ac944b198fe4c702

Static task: static1
Behavioral task: behavioral1
Sample: Bank swift copy.PDF.exe
Resource: win7-en-20211208

Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: pvxz
Domains (Xloader/FormBook configs bundle the live C2 with decoy domains, so treat this list as hunt/block indicators, not as confirmed C2 infrastructure):
imt-token.club
abravewayocen.online
shcloudcar.com
mshoppingworld.online
ncgf08.xyz
stuinfo.xyz
wesavetheplanetofficial.com
tourbox.xyz
believeinyourselftraining.com
jsboyat.com
aaeconomy.info
9etmorea.info
purosepeti7.com
goticketly.com
pinkmemorypt.com
mylifewellnesscentre.com
iridina.online
petrestore.online
neema.xyz
novelfooditalia.com
enterprisedaas.computer
tzkaxh.com
brainfarter.com
youniquegal.com
piiqrio.com
mdaszb.com
boldmale.com
era636.com
castleinsuranceco.com
woodennickelmusicfortwayne.com
customer-servis-kredivo.com
high-clicks.com
greetwithgadgets.com
hfsd1.com
insureagainstearthquakes.net
ultimatejump.rest
parivartanyogeshstore.com
handmanagementblog.com
meishangtianhua.com
michaelscottinsurance.net
kershoes.com
atomiccharmworks.com
conciergecompare.com
zeal-hashima.com
coachianscott.com
hwkm.net
019skz.xyz
jardingenesis.com
sumikkoremon.com
tjpengyun.com
sectionpor.xyz
46t.xyz
sa-pontianak.com
localproperty.team
dotexposed.com
cis136-tgarza.com
eiestilo.com
youknowhowtolive.com
phalcosnusa.com
qaticv93iy.com
hbjngs.com
ocean-nettoyage.com
jenuwinclothes.net
anadoluatvoffroad.com
finetipster.com
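As an added example that is not part of the sandbox report, the following Python parses a config block in the shape extracted above (family, version, campaign, then one domain per line) into a structured object and runs the domains as hunt indicators over DNS query logs, matching exact names and subdomains but not look-alike prefixes. The embedded copy of the config keeps only a handful of the report's domains, and the DNS log lines, their format and the client addresses are constructed for the example.

```python
"""Added example (not from the sandbox report): turn the extracted
Xloader config into hunt indicators and run them over DNS query logs."""
import re
from dataclasses import dataclass, field

# Copy of the report's config block. Family, version and campaign are
# verbatim; the domain list is shortened here (assumption: any number
# of domain lines may follow the campaign value).
REPORT_CONFIG = """\
Malware Config
Extracted
xloader
2.5
pvxz
imt-token.club
abravewayocen.online
shcloudcar.com
mshoppingworld.online
era636.com
hwkm.net
"""

# Constructed DNS resolver log lines, not taken from the report.
# Assumed format: "<timestamp> <client-ip> <qtype> <qname>".
DNS_LOG = """\
2022-01-27T09:58:41Z 10.0.0.5 A www.microsoft.com
2022-01-27T09:59:03Z 10.0.0.5 A www.imt-token.club
2022-01-27T09:59:09Z 10.0.0.7 A era636.com
2022-01-27T09:59:20Z 10.0.0.9 A notera636.com
2022-01-27T10:00:01Z 10.0.0.5 AAAA CDN.shcloudcar.com.
"""

# Syntactic domain check so stray report text never becomes an indicator.
DOMAIN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


@dataclass
class XloaderConfig:
    family: str
    version: str
    campaign: str
    domains: list = field(default_factory=list)


def parse_config(text):
    """Parse the 'Extracted' block: three scalar fields, then domains."""
    lines = [ln.strip().lower() for ln in text.splitlines() if ln.strip()]
    if "extracted" not in lines:
        raise ValueError("no 'Extracted' marker in config block")
    start = lines.index("extracted") + 1
    if len(lines) < start + 3:
        raise ValueError("config block too short")
    family, version, campaign = lines[start:start + 3]
    domains = [d for d in lines[start + 3:] if DOMAIN_RE.match(d)]
    return XloaderConfig(family, version, campaign, domains)


def normalize(qname):
    """Lower-case and drop the trailing root dot some resolvers log."""
    return qname.strip().lower().rstrip(".")


def indicator_hit(qname, indicators):
    """Return the indicator that qname equals or is a subdomain of.
    Walks label suffixes, so 'cdn.shcloudcar.com' hits 'shcloudcar.com'
    while 'notera636.com' does not hit 'era636.com'."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None


def hunt(log_text, cfg):
    """Run the config's domains over log lines; return one dict per hit."""
    indicators = set(cfg.domains)
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines rather than fail the whole run
        ts, client, qtype, qname = parts[:4]
        matched = indicator_hit(qname, indicators)
        if matched:
            hits.append({"ts": ts, "client": client, "qtype": qtype,
                         "qname": normalize(qname), "indicator": matched,
                         "family": cfg.family, "campaign": cfg.campaign})
    return hits


if __name__ == "__main__":
    config = parse_config(REPORT_CONFIG)
    for hit in hunt(DNS_LOG, config):
        print(f"{hit['ts']} {hit['client']} -> {hit['qname']} "
              f"(indicator {hit['indicator']}, campaign {hit['campaign']})")
```

Because most of the listed domains are decoys, a single hit is a lead to pivot on (which client, what followed the lookup), not proof of a live beacon; the campaign ID is carried through so hits from different samples of the same campaign can be grouped.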

Targets
Target: Bank swift copy.PDF.exe
Size: 664KB
MD5: 124d17d95a6978dbd68fd8362b9f8cde
SHA1: be4da815674e53a90e88981f91e053829cb4cfca
SHA256: d8b24be5c1f3c5844edf740bc560b65c11afad509e52687c9dd543ed16b40a7b
SHA512: 4970404d87862f097e05f85cbaf12aa80584548b89c2bcd3b236ea530728923dbaced7fc859e034a4bd9ffa82f93afda2b650cc41b9f46601f6406f08e867eb3

Signatures
- suricata: ET MALWARE FormBook CnC Checkin (GET) (Xloader is the continuation of FormBook; the ET rule set keeps the older name)
- Xloader Payload
- Blocklisted process makes network request
- Adds Run key to start application (persistence via the CurrentVersion\Run registry key)
- Suspicious use of SetThreadContext (the thread-hijacking step of process injection/hollowing)