General
Target: VESSEL DESCRIPTION MV BERKAY N - IMO NO 9524827_PDF.7z
Size: 357KB
Sample: 220131-phstxshbcn
MD5: 026a7cf8124919cfa148613d35939397
SHA1: 5530a07c5469a77673fdc874c2c7614e1dfb6df5
SHA256: 1bc0a120ac4b42b8463e8ab3fccaba54c810fa75475e5606a65ea371e7987782
SHA512: 89f62c989b6fb26d2edbee9d08dd37793f76ac0ffb753ba4edeaf480b24250efcd1251ffaedfd285e3d0c0a9f60506b08497b7808de289cd937c2d3eb0df196d
Static task: static1
Behavioral task: behavioral1
  Sample: VESSEL DESCRIPCTION MV BERKAY N - IMO NO 9524827_PDF.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: VESSEL DESCRIPCTION MV BERKAY N - IMO NO 9524827_PDF.exe
  Resource: win10v2004-en-20220113
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign ID: b23k
Domains:
foxsistersofhydesville.com
jetronbang.com
agriturismopartingoli.com
ihiinscus.com
zaksrestaurants.store
aspetac.com
ycjhjd.com
fountainspringscapemay.com
earlydose.com
nocodebelgium.com
65235.xyz
yasesite.com
steeltoilets.com
xceqa.xyz
2021udtv.com
belorusneft.top
the4asofdekhockey.com
gertexhosiery.com
fidelismortgages.com
bellacomoninguna.com
arab-carrier.com
xn--meng-bh8p60mfo2bn4z.com
wesavebig.com
033yu.xyz
vatgia9.com
withph.net
eastvastness.com
xzq797979.net
jostela.com
orzame.com
benzobluedi.com
tennistshirtz.com
bostondowntownrealestate.com
vendingandco.services
thespiritnewsletter.com
hyperprdouctivebiz.com
aiasoundfestival.com
6313671.club
tinampalermo.com
princess-solana-nft.com
hype-clicks.com
pwaygaonkar.net
joygwant.store
bestinsurance-quote-tx.com
charaburgh.com
caryfer.com
metruyen.online
foodemsa.com
elonnews.info
djxhwl.com
sumauto.net
degensimulator.xyz
ibankglobalfinance.xyz
namaqualand.xyz
saysylver.com
gcato.xyz
ironangelcreations.store
klayraccoonman.com
cashflow.asia
digital904.com
ouyangminwei.com
www2eee.com
494331.com
breastextra.com
ai-sakauchi.com
Targets
Target: VESSEL DESCRIPCTION MV BERKAY N - IMO NO 9524827_PDF.exe
Size: 483KB
MD5: 703540c2c3e8296b85f9860e4735d773
SHA1: a13a05a927377e54a006dcdf1a7b79e278eaee58
SHA256: 95d52da676d92728d35e9fa0e6a49dc451dc83eadb8beb0ba0f2a3b891a69696
SHA512: ae70b95556b5263c7f4241ac24d0dd10d201f4858035359a8be41206c4778d164e768ac3ba0be6cd95c8ee38fafcdfb86ffe851e6e51e93b3520f8cdb8ce8ed6
Signatures:
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext
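The extracted config and the reported hashes, turned into hunting material. This is an added example, not Triage's or XLoader's code: the domain list, family/version/campaign values and SHA-256 digests are copied from the report above; the Zeek-style dns.log rows, the Suricata sid range starting at 9000000 and the function names are assumptions made for the demo. Two caveats a practitioner should keep in mind: XLoader is the successor of FormBook (which is why the ET signature still says "FormBook CnC Checkin"), and XLoader/FormBook configs mix the live C2 with many decoy domains, some of them ordinary legitimate sites, so a DNS hit on this list is a lead to correlate with the CnC check-in alert and the SetThreadContext injection behaviour, not proof of compromise on its own.

```python
# Added example (not Triage's or XLoader's code): the domains and hashes are
# copied from the report above; the DNS log rows are constructed for the demo.
import hashlib
from typing import Iterable, Optional

FAMILY, VERSION, CAMPAIGN = "xloader", "2.5", "b23k"

REPORTED_SHA256 = {  # archive (.7z) and inner executable, from the report
    "1bc0a120ac4b42b8463e8ab3fccaba54c810fa75475e5606a65ea371e7987782",
    "95d52da676d92728d35e9fa0e6a49dc451dc83eadb8beb0ba0f2a3b891a69696",
}

_RAW_DOMAINS = """
foxsistersofhydesville.com jetronbang.com agriturismopartingoli.com ihiinscus.com
zaksrestaurants.store aspetac.com ycjhjd.com fountainspringscapemay.com earlydose.com
nocodebelgium.com 65235.xyz yasesite.com steeltoilets.com xceqa.xyz 2021udtv.com
belorusneft.top the4asofdekhockey.com gertexhosiery.com fidelismortgages.com
bellacomoninguna.com arab-carrier.com xn--meng-bh8p60mfo2bn4z.com wesavebig.com
033yu.xyz vatgia9.com withph.net eastvastness.com xzq797979.net jostela.com orzame.com
benzobluedi.com tennistshirtz.com bostondowntownrealestate.com vendingandco.services
thespiritnewsletter.com hyperprdouctivebiz.com aiasoundfestival.com 6313671.club
tinampalermo.com princess-solana-nft.com hype-clicks.com pwaygaonkar.net joygwant.store
bestinsurance-quote-tx.com charaburgh.com caryfer.com metruyen.online foodemsa.com
elonnews.info djxhwl.com sumauto.net degensimulator.xyz ibankglobalfinance.xyz
namaqualand.xyz saysylver.com gcato.xyz ironangelcreations.store klayraccoonman.com
cashflow.asia digital904.com ouyangminwei.com www2eee.com 494331.com breastextra.com
ai-sakauchi.com
"""


def canonical(name: str) -> str:
    """Wire form of a hostname: lower-case, no trailing dot, IDN labels as
    punycode, so a Unicode query and its xn-- twin compare equal."""
    name = name.strip().lower().rstrip(".")
    try:
        return name.encode("idna").decode("ascii")
    except UnicodeError:
        return name  # malformed label: keep as logged


IOC_DOMAINS = {canonical(d) for d in _RAW_DOMAINS.split()}


def query_matches(qname: str, iocs=IOC_DOMAINS) -> Optional[str]:
    """Return the IOC that qname equals or is a subdomain of, else None.
    The bare TLD is never tested, so 'com' alone cannot match."""
    labels = canonical(qname).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


# Constructed Zeek-style dns.log rows (ts, id.orig_h, query), tab-separated.
SAMPLE_LOG = [
    "1643612345.12\t10.0.0.7\twww.jostela.com",
    "1643612346.40\t10.0.0.7\tupdate.microsoft.com",
    "1643612347.01\t10.0.0.9\tXN--MENG-BH8P60MFO2BN4Z.COM.",
    "1643612348.55\t10.0.0.9\tnotjostela.com",
]


def hunt_dns_log(lines: Iterable[str], iocs=IOC_DOMAINS):
    """Return (ts, client, query, matched_ioc) for every row whose query
    equals or sits under a config domain; '#' header rows are skipped."""
    hits = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        ts, client, query = line.rstrip("\n").split("\t")[:3]
        ioc = query_matches(query, iocs)
        if ioc:
            hits.append((ts, client, query, ioc))
    return hits


def suricata_dns_rules(iocs: Iterable[str] = IOC_DOMAINS, sid_base: int = 9000000):
    """One rule per domain. 'dotprefix' (Suricata 6.0+) prepends a dot to the
    query buffer, so '.x.com' with 'endswith' matches x.com and any subdomain
    but not notx.com."""
    return [
        f'alert dns any any -> any any (msg:"{FAMILY} {VERSION} {CAMPAIGN} config '
        f'domain {dom}"; dns.query; dotprefix; content:".{dom}"; nocase; endswith; '
        f'classtype:trojan-activity; sid:{sid_base + n}; rev:1;)'
        for n, dom in enumerate(sorted(iocs))
    ]


def is_reported_sample(digest: str) -> bool:
    """Case-insensitive check of a SHA-256 against the two reported hashes."""
    return digest.strip().lower() in REPORTED_SHA256


if __name__ == "__main__":
    for hit in hunt_dns_log(SAMPLE_LOG):
        print("HIT", *hit)
    rules = suricata_dns_rules()
    print(f"{len(IOC_DOMAINS)} config domains -> {len(rules)} rules; first:\n{rules[0]}")
```

Run it as a script to see the two DNS hits (the www. subdomain and the upper-cased punycode query with a trailing dot both resolve to their config entry, while notjostela.com does not) and the first generated rule. Feed `hunt_dns_log` real dns.log rows, or load the rules into Suricata, and pivot any hit to the host's process tree: the payload is expected to inject via SetThreadContext and delete its own dropper, so the beaconing process will usually not be the file that was hashed above.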