General
Target: Proforma Invoice #09876-INV-Order.PDF.iso
Size: 714KB
Sample: 220131-gw3x2sfhen
MD5: 661fb4d9c4b89c75d4476e6acde7b690
SHA1: d370c8f850dcbd17221e73f256ecda31ecb1bb97
SHA256: 215b42c65fc2922a20c663150654143d044d8ea7fd70c9243602652d38bf61dd
SHA512: 8edbb004dae03ae6a2f558042cadf77aa5647fcadee6292814fbde819c9181ebe6da2e62f06516f7952c022a7fb7bdcde878019fe519c2f591fa1a4136a198e6
Static task: static1
Behavioral task: behavioral1
Sample: Proforma Invoice #09876-INV-Order.PDF.exe
Resource: win7-en-20211208
Malware Config
Extracted
xloader
2.5
pout
Targets
Target: Proforma Invoice #09876-INV-Order.PDF.exe
Size: 652KB
MD5: e6deb32888a854099ad15feea9a528b6
SHA1: 50f6573ee795bb5301ab75d3d1fe54cb02f4cef2
SHA256: e0da8ee3e3841832297dbb9aa41c61a4c0d4ed14cd62153da3742a5dfa7ea6e1
SHA512: ba35bb7d5cb11c4a3aff0bcb0c015f0cabdbc19325fcab2930bcd023b893a446780e8e580a560fbb45475e552b15ca6fa65e374f001824b670c07f18d8d9fa10
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Blocklisted process makes network request
- Deletes itself
- Suspicious use of SetThreadContext