General
Target: CRYPTO INVOICE APPROVED.pif
Size: 250KB
Sample: 220128-rl9yqaecbn
MD5: 9eb725df8f30e3dae7b3197a1783eaea
SHA1: 7484f0d4ff29b450339c24c40b771f88e2d907d7
SHA256: f55c9c2bdda3ecb1e3404ec6c003f146204ed5fd550b6de28a50ee1bdfb722c4
SHA512: 9be53f3c9e0dd9218bd197c09f232a5f3af7470a14b7f58ab346d3ee6a8155ec739416d57053ae7f0429a3483ed6babb69ff70b2195bea794f853529663ca17d

Static task: static1

Behavioral task: behavioral1
Sample: CRYPTO INVOICE APPROVED.exe
Resource: win7-en-20211208
Malware Config
Extracted
xloader
2.5
rmfg
prospectcompounding.com
grand-prix.voyage
solvingpklogc.xyz
eliamhome.com
gamevip88.club
arsels.info
dswlt.com
dchehe.com
lawyerjerusalem.com
pbnseo.xyz
apuryifuid.com
kiukiupoker88.net
leannonimpact.com
kare-furniture.com
mississaugaremax.online
zpyh198.com
dueplay.store
naimi.ltd
greenstepspodiatry.com
cewirtanen.com
stonebyparamount.com
stellenbargains.com
meyerranch.realty
bitcoingrab.com
ifjejijfe.xyz
drjeannerot.com
trgau.com
thailandland.land
satupena.info
coinzillo.com
cloudreveller.digital
wilsoncreekarts.com
hyalucaps.com
dempius.com
onycostopsale.com
54jjpygl.xyz
quick2repair.net
tpyrj.com
cyndeiversondesigns.com
lmandarin.com
bornholm-urlaub.info
rodictibey.quest
saiione.com
flydakhla.com
surveycourses.com
bestnico.space
huvao.com
uptownholding.com
elitesellerstrafficnet.com
zitzies.xyz
supermercadolonuestro.com
laptoppricenepal.com
navyantra.com
myjms315.com
loanswithbrian.net
birbeygrup.xyz
trend-marketing.club
meipassion.com
amtha.com
witlyza.com
boardsandbeamsdecor.com
c2batwpnmu5uvtvnvfk5916.com
yavuzselimorganizasyon.com
4580055.xyz
brimstrategy.com
Targets

Target: CRYPTO INVOICE APPROVED.pif
Size: 250KB
MD5: 9eb725df8f30e3dae7b3197a1783eaea
SHA1: 7484f0d4ff29b450339c24c40b771f88e2d907d7
SHA256: f55c9c2bdda3ecb1e3404ec6c003f146204ed5fd550b6de28a50ee1bdfb722c4
SHA512: 9be53f3c9e0dd9218bd197c09f232a5f3af7470a14b7f58ab346d3ee6a8155ec739416d57053ae7f0429a3483ed6babb69ff70b2195bea794f853529663ca17d

- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext