General

Target: Contract Invoice.exe
Size: 479KB
Sample: 220131-jj8zmsggel
MD5: 4c86a722b72090ef4d09c46fa6376da8
SHA1: 9f38ddbe34f823c2b05157a98bc0dec2093842fd
SHA256: 3e317e0e4e62e0842ba4d1d52f8bd3e45a1b7a8e01e784771803d722dbfaf3a8
SHA512: 29020e64d2530a591bc9c8948eb20d22a59f7765d28e63db3293e4c738344a91d6763a7019a82b7b389dc491771805d58260c524b1c462807e96c3c284a5d6a6
Static task: static1
Behavioral task: behavioral1
Sample: Contract Invoice.exe
Resource (sandbox VM image): win7-en-20211208
Malware Config

Extracted configuration
Family: xloader
Version: 2.5
Campaign: oms5
C2 domains (XLoader configs hide the one live C2 among decoy domains, so the list below does not by itself reveal which entry is real; every entry is usable as an indicator):
stepfantasy.media
kentuckyvapeshop.com
mod-hotels.com
kkstudy.net
temanfts.xyz
lzcsj.com
7808aaa.com
1sab.claims
yangraclelamb.com
tndlz.com
lndjg.com
scjmzs.com
galabet0350.com
xn--mobile-bar-mnchen-e3b.com
lufkinreign.com
beweig.com
happygirlxxx.com
datapieces.com
happysad.store
sweet-comforts.com
anyidiapers.com
gpsmicro.com
cryptoprices.info
youngjoo-lee.com
escortankara.xyz
thesaymedical.com
176ssjp0032.xyz
alexandercitizens.com
netlibya.com
cloudboekhouding.online
deepestatscah.online
xn--fiqa599al44d.xn--czru2d
jdm-classics.com
ospreytracking.com
shzhenjiu.com
tvframesdisply.com
flyducky.com
karataamabo.quest
charliewitzel.com
hevanlyhandbags.com
clarityconfidencecoach.com
gvtklyraqyhb.mobi
aeil.info
mascaraheroe.com
cellphonepartsand.tools
trophyclubtrack.com
nurixpharmaceutical.com
zoltarwholesalemerchandise.com
jamesjalberino.com
humidicx.com
alashpride.info
myeaglelasers.com
hampadco.com
cusmose.com
innovagraphic.com
listingofferflow.com
ceoalg.com
beyondbeliefservices.com
hasanustamersintantuni.com
casualfox.net
tenloe073.xyz
businessbkk.com
madridades.com
xxmyw.com
multiplus-cursos-online.com
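The list above is only useful once it is turned into detection content. The following script is an added example and not part of the sandbox report: it normalizes the extracted domains to their punycode A-label form (the report stores IDNs such as xn--mobile-bar-mnchen-e3b.com that way, while some DNS tooling shows the Unicode form), emits one exact-match Suricata DNS query rule per domain, and hunts over DNS telemetry. It assumes the domain list is the extractor's C2 field, that telemetry is Suricata EVE JSON "dns" events, and that the local sid range starting at 9000000 is free; only a subset of the 65 domains is embedded, and the EVE lines are constructed, not real captures.

```python
#!/usr/bin/env python3
"""Turn the extracted XLoader config into DNS detection content.

Added example, not part of the sandbox report. Assumptions: the domain
list is the extractor's "C2" field (one live C2 hidden among decoys, so
every entry is worth alerting on), DNS telemetry is Suricata EVE JSON
"dns" events, and sids from 9000000 are free. Only a subset of the 65
domains is embedded; paste the full list into XLOADER_CONFIG["c2"].
"""
import json

# Values copied from the report; the domain list is a subset.
XLOADER_CONFIG = {
    "family": "xloader",
    "version": "2.5",
    "campaign": "oms5",
    "c2": [
        "stepfantasy.media",
        "kentuckyvapeshop.com",
        "xn--mobile-bar-mnchen-e3b.com",  # IDN stored as punycode
        "xn--fiqa599al44d.xn--czru2d",    # punycode label and TLD
        "multiplus-cursos-online.com",
    ],
}


def normalize(domain: str) -> str:
    """Canonical A-label form: lower-case, no trailing dot, Unicode -> punycode.

    Labels that are already ASCII (including xn-- labels) pass through the
    idna codec unchanged, so config entries and log names become comparable.
    """
    d = domain.strip().rstrip(".").lower()
    return d.encode("idna").decode("ascii")


def suricata_dns_rules(domains, sid_start=9000000, tag="xloader oms5"):
    """One exact-match DNS query rule per domain, in report order.

    XLoader queries the bare domain, so bsize pins the query length and
    rules out prefix/suffix false positives (e.g. notstepfantasy.media).
    """
    names = list(dict.fromkeys(normalize(d) for d in domains))  # dedupe, keep order
    rules = []
    for i, name in enumerate(names):
        rules.append(
            f'alert dns any any -> any any (msg:"{tag} C2/decoy domain query {name}"; '
            f'dns.query; content:"{name}"; nocase; bsize:{len(name)}; '
            f'classtype:trojan-activity; sid:{sid_start + i}; rev:1;)'
        )
    return rules


def match_dns_events(eve_lines, domains):
    """Hunt over EVE JSON lines; return (src_ip, queried name) for each hit."""
    wanted = {normalize(d) for d in domains}
    hits = []
    for line in eve_lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("event_type") != "dns":
            continue
        rrname = ev.get("dns", {}).get("rrname")
        if rrname and normalize(rrname) in wanted:
            hits.append((ev.get("src_ip"), normalize(rrname)))
    return hits


# Constructed EVE JSON lines for demonstration (not real telemetry).
SAMPLE_EVE = [
    '{"event_type":"dns","src_ip":"10.0.0.5","dns":{"type":"query","rrname":"STEPFANTASY.MEDIA.","rrtype":"A"}}',
    '{"event_type":"dns","src_ip":"10.0.0.5","dns":{"type":"query","rrname":"www.example.com","rrtype":"A"}}',
    '{"event_type":"flow","src_ip":"10.0.0.5"}',
    '{"event_type":"dns","src_ip":"10.0.0.7","dns":{"type":"query","rrname":"mobile-bar-münchen.com","rrtype":"A"}}',
]

if __name__ == "__main__":
    for rule in suricata_dns_rules(XLOADER_CONFIG["c2"]):
        print(rule)
    print(match_dns_events(SAMPLE_EVE, XLOADER_CONFIG["c2"]))
```

Exact matching is deliberate: a suffix match would also fire on unrelated names ending in a listed domain, and XLoader contacts the listed domain directly rather than a subdomain. Keep the sid mapping stable across reloads by not reordering the input list.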
Targets

Target: Contract Invoice.exe (size and hashes as listed under General)
Suricata alerts (the ET rule keeps the FormBook name; XLoader is FormBook's successor and uses the same HTTP check-in):
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)

Signatures:
Xloader Payload
Deletes itself (the sample removes its own executable from disk)
Suspicious use of SetThreadContext (redirecting another thread's execution, a process-injection primitive)