General
- Target: HSBC Bank Swift Copy.pdf.exe
- Size: 752KB
- Sample: 220128-kg9ntshhgk
- MD5: 76b0f4441930d3f2f480830681c426e7
- SHA1: 0b28664196cd55adcc7b82647602db984dd49f61
- SHA256: 3cc59342fdbb5aa332f7d99216ac3f1ede121e0752e5aaff260e16432c23908d
- SHA512: 63d7cbcaa3b46cce81727e5baa82e5daa055b3ad95d1fb14086bf2dd2bbd2811400b15e9231a18dc5ab1771c18f2047077baaefe8b970463da947fc650d32884
Static task: static1
Behavioral task: behavioral1
- Sample: HSBC Bank Swift Copy.pdf.exe
- Resource: win7-en-20211208
Malware Config
Extracted
xloader
2.5
rexd
xn--2es77o3w1bruk.mobi
cotesaintetienne.com
newlifefoursquaremcpherson.com
solutions-consulting.biz
chsico.com
demeet.xyz
eiruhguijire.store
realestatemoda.com
amr-fire.net
99v.one
altdaita.com
showerbeast.com
nsfone.com
doanhnhanvietnam.info
xn--transfpanou-39a.com
invitiz.com
chifaebio.xyz
footprint-farm.com
onlinenurseprograms.com
tigeratlspa.com
troublewatermelon.space
juvesti.com
hunnii.one
collective4choice.com
casino-mate1.com
hairandspa-aimer-kadsume.com
pointconstructionservices.com
savagereviews.xyz
zhuangmengmeng.com
gicaredocs.com
victori-jaya.com
purifilt.net
live9words.com
x-teknoloji.com
thelocalworkers.com
nalainteriores.com
dream-mart.tech
maretta.info
empowermindbodystudios.com
creativenft.xyz
remembertheabbeygate.com
whistlergardencenter.com
jbmfg.net
tangerinecave.com
60thstreetdesserts.com
mxcpgj.com
nguoidantocvungcao.xyz
snowjamproductiosmedia.com
schencklab.com
sousouhenansheng.com
quirkysoul39.com
digitaleclipsegames.com
hayesvalleycondo409.com
ceremonydesigncompany.com
essaispsoriasisenfants-ca.com
borhanmarket.com
aerbounce.com
primebradescocadastro.com
bupis44.info
optmsg.com
khukhuanphongkham.com
bunnymoorellc.com
tminus-10.com
mytechmadesimple.com
loj-kits.xyz
Targets
- Target: HSBC Bank Swift Copy.pdf.exe
- Size: 752KB
- MD5: 76b0f4441930d3f2f480830681c426e7
- SHA1: 0b28664196cd55adcc7b82647602db984dd49f61
- SHA256: 3cc59342fdbb5aa332f7d99216ac3f1ede121e0752e5aaff260e16432c23908d
- SHA512: 63d7cbcaa3b46cce81727e5baa82e5daa055b3ad95d1fb14086bf2dd2bbd2811400b15e9231a18dc5ab1771c18f2047077baaefe8b970463da947fc650d32884
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext