General
Target: BANK DETAILS-26012022-971332pdf.gz
Size: 41KB
Sample: 220128-jdh62ahbdl
MD5: 11144b7ff3e80b332b8aea3368f5d638
SHA1: 4a4f11974a453dff1d8cc12fc41c1bd0230528ee
SHA256: dacada6f63feabf79c83fb521deb881c687ddb4d3902f3b7e98762d746d993d7
SHA512: d35784ae851c1a45b58af0083b6f531d9f35b73444e22f0b190ffd88eaaf00c88cd828eb0d44dd29d9994a23743d77cf2268fcb42b826699910871bfc22e24d1
Static task: static1
Behavioral task: behavioral1
Sample: BANK DETAILS-26012022-971332pdf.exe
Resource: win7-en-20211208
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: be4o
Domains (decoy/C2 list from the extracted config):
neonewway.club
kuanghong.club
7bkj.com
ooo-club.com
kamchatka-agency.com
sjsndtvitzru.mobi
noireimpactcollective.net
justbe-event.com
easypeasy.community
southcoast.glass
janhenningsen.com
jmxyjj.com
tarihibilet.com
nagradi7.com
percentrostered.net
certvaxid.com
kingseafoodsydney.com
blacksheepwalk.com
waktuk.com
inteligenciaenrefrigeracion.com
marvinhull.com
fikretbayrakdar.com
rsxrsh.com
vastukalabid.com
belindahulett.com
aibet888.club
icarus-groupe.com
vendasdigitaisonline.com
fairytalepageants.com
imaginativeprint.com
quanqiu55555.com
owensigns.com
kaikkistore.com
dreamintelligent.com
piqqekqqbpjpajbzvvfqapwr.store
mariachinuevozacatecas24-7.com
glenndcp.com
vaughnediting.com
10dian-3.com
buresdx.com
itservon.com
buyingusedfurniture.com
elektropanjur.com
logotzo.com
eaglesaviationexperience.com
antoniopasciuti.com
personas1web.com
hvbatterystore.com
ksustudyabroad.com
4huav946.com
gojajix.xyz
kennycheng.tech
traditionnevertrend.com
mytrainermatrix.online
basculasperu.com
eljkj.com
teleconstructiongroup.com
28682df.com
altimiravet.com
worldplantaward.com
mydxza.com
josiemaran-supernatural.com
brainymortgage.info
diffamr.net
istemnetwork.com
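Xloader (the Formbook lineage) ships a long list of domains in its config, and only a small part of that list is live attacker infrastructure; the rest are decoys the implant also contacts, so the list above is best used as a hunting set against DNS and proxy telemetry rather than as a list of confirmed malicious domains. The following script is an added example, not part of the sandbox report: it loads the extracted domain list, matches DNS queries on label boundaries (so www.kuanghong.club matches but notkuanghong.club does not), and flags the "document name glued to an executable extension" lure pattern used by this sample's filename. The log format and the log lines are constructed for the example.

```python
"""Hunt for this report's Xloader config domains in DNS logs (added example).

The domain list is the one extracted from the sample above. The DNS log
format '<timestamp> <client> <qtype> <qname>' and the sample lines are
constructed for this example and are not the sandbox's own output.
"""
import re

# All domains from the extracted Xloader 2.5 config (campaign "be4o").
CONFIG_DOMAINS = frozenset("""
neonewway.club kuanghong.club 7bkj.com ooo-club.com kamchatka-agency.com
sjsndtvitzru.mobi noireimpactcollective.net justbe-event.com easypeasy.community
southcoast.glass janhenningsen.com jmxyjj.com tarihibilet.com nagradi7.com
percentrostered.net certvaxid.com kingseafoodsydney.com blacksheepwalk.com
waktuk.com inteligenciaenrefrigeracion.com marvinhull.com fikretbayrakdar.com
rsxrsh.com vastukalabid.com belindahulett.com aibet888.club icarus-groupe.com
vendasdigitaisonline.com fairytalepageants.com imaginativeprint.com
quanqiu55555.com owensigns.com kaikkistore.com dreamintelligent.com
piqqekqqbpjpajbzvvfqapwr.store mariachinuevozacatecas24-7.com glenndcp.com
vaughnediting.com 10dian-3.com buresdx.com itservon.com buyingusedfurniture.com
elektropanjur.com logotzo.com eaglesaviationexperience.com antoniopasciuti.com
personas1web.com hvbatterystore.com ksustudyabroad.com 4huav946.com gojajix.xyz
kennycheng.tech traditionnevertrend.com mytrainermatrix.online basculasperu.com
eljkj.com teleconstructiongroup.com 28682df.com altimiravet.com
worldplantaward.com mydxza.com josiemaran-supernatural.com brainymortgage.info
diffamr.net istemnetwork.com
""".split())


def normalize(host: str) -> str:
    """Lowercase and strip a trailing dot so 'WWW.Example.COM.' compares cleanly."""
    return host.strip().lower().rstrip(".")


def match_ioc(host: str, iocs=CONFIG_DOMAINS):
    """Return the config domain that host equals or is a subdomain of, else None.

    Matching walks label boundaries, so 'notkuanghong.club' does not match
    'kuanghong.club' while 'www.kuanghong.club' does.
    """
    labels = normalize(host).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


# Constructed log format: '<timestamp> <client> <qtype> <qname>'.
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qtype>\S+)\s+(?P<qname>\S+)$")


def scan_dns_log(lines, iocs=CONFIG_DOMAINS):
    """Return (timestamp, client, qname, matched_ioc) for queries hitting the list.

    Malformed lines are skipped rather than raising, so a partial log still yields hits.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ioc = match_ioc(m["qname"], iocs)
        if ioc:
            hits.append((m["ts"], m["client"], normalize(m["qname"]), ioc))
    return hits


# A document-looking stem followed, with or without a dot, by an executable extension.
LURE_NAME_RE = re.compile(r"(?i)(pdf|docx?|xlsx?|pptx?|jpe?g|png)\.?(exe|scr|pif|com|bat|cmd|js|vbs)$")


def is_lure_filename(name: str) -> bool:
    """True for 'invoice.pdf.exe' and for the glued form 'BANK DETAILS-26012022-971332pdf.exe'."""
    return LURE_NAME_RE.search(name.strip()) is not None


# Constructed DNS log lines for the example (not sandbox output).
SAMPLE_DNS_LOG = [
    "2022-01-28T09:14:02Z 10.0.0.12 A www.neonewway.club",
    "2022-01-28T09:14:03Z 10.0.0.12 A notkuanghong.club",
    "2022-01-28T09:14:05Z 10.0.0.12 A KUANGHONG.CLUB.",
    "2022-01-28T09:14:09Z 10.0.0.40 AAAA example.com",
    "malformed line",
]

if __name__ == "__main__":
    for ts, client, qname, ioc in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{ts} {client} queried {qname} (config domain {ioc})")
    print("lure filename:", is_lure_filename("BANK DETAILS-26012022-971332pdf.exe"))
```

Treat a hit from this scan as a lead to pivot on (which host, what process, what else it resolved) rather than a confirmed compromise, since a single query to a decoy domain can also come from ordinary browsing of a legitimately registered site.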
Targets
Target: BANK DETAILS-26012022-971332pdf.exe
Size: 234KB
MD5: 915102405b44b4eb490450935905b4c5
SHA1: cc89138f906776cc8ceb6135753bd1bfdc423846
SHA256: 234d944f1c4d9dcb90a6797dc13bf50fa2290da2230d134ee70bc4b7c4143ab8
SHA512: d34136c97136cdb01cde174506dd02b250894f4427dcac3c0d98dbc2a417db0b1fd15ad950b491b5795fb345ebe4eba175baac23252d3222eb0e5d253adf4615
Signatures
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Blocklisted process makes network request
Suspicious use of SetThreadContext
Note: SetThreadContext is the call used to redirect execution in a suspended or hollowed process, and a network request from a blocklisted (normally non-networking) process is the expected follow-on once the injected code runs. Together with the FormBook check-in rule firing, these signatures are consistent with Xloader injecting into another process before beaconing to the domains in its config.