General
Target: payment advice.ro9,pdf.exe
Size: 607KB
Sample: 220127-qaesrsdafr
MD5: 5a3452246e02aa71c5d55a89e46cd310
SHA1: 07cc96501710f0d80455fe9b5e34d4b9c1a3d05a
SHA256: 81fc763d0863d2011499222a0683aed63c881b20ccf70d5775125451bf36b76a
SHA512: 7b611c4385dae6bbc09bf9c866d0011e50bbda253917861ae33862f065017424ea97867eae8a02fc69ce24d6d344a8f4af1b38dd2ae6a0681403929fdcfbe4c0
Static task: static1
Behavioral task: behavioral1
Sample: payment advice.ro9,pdf.exe
Resource: win7-en-20211208
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: tod8
C2 domains:
shabizy5.com
sattaking-delhiborder01.xyz
venetianmountains.com
vertogaastad.quest
zimalek.com
olympiacrownhotel.com
dubbostorage.online
mosescorrea.com
japanroofing.com
mashareq.store
gdetcz.com
slimmersite.com
aplintec.com
878971.com
charlottesbestroofcompany.com
into-mena.com
newlysupply.com
bianncapace.com
netrew.com
anhecapital.com
newtion.net
thelakemorleyhaunting.info
homicdecor.com
best-paper-to-know-today.info
bcw.today
cji-architect.com
perfecto21.com
misteroperfume.com
wlxxch.com
xn--maldya-qva.com
sandrasmit.club
ashabstracts.com
cbdshoot.com
qrin.top
1018shrader.com
gratisratio.com
alendigital.xyz
monroetruckingco.com
noahpresnell.com
czyssk.com
ultrahouseimob.com
tormentaritmica.com
exiqya.xyz
chodoque.net
shappilyeverafter.net
sacremots.com
necessary-tools.com
mathswithmike.online
gv-china.com
thenewivhubboston.com
pfo055lnb.xyz
fliprbook.club
tsourapricot.com
galactica-shop.com
sperrmuell-berlin-abholung.com
goldenaxe.club
lonestarbonehealth.com
potsleep.com
juliansdelectableedibles.com
wideaou.com
spaceworbc.com
cryptobittoday.com
dif-directory.xyz
lunchbreakincome.com
bulacee.com
Targets
Target: payment advice.ro9,pdf.exe
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Deletes itself
Loads dropped DLL
Suspicious use of SetThreadContext