General
-
Target
Order-9411574-pdf.pif
-
Size
249KB
-
Sample
220207-jwf5dshebr
-
MD5
58e91c804bf83bcb330d64d87bdd7abf
-
SHA1
9f00f81e64cbe3445a1f3f5f24976d736e8543ca
-
SHA256
d0d523bb3e44390067122f5b4768ee44811c00f14a344dd70e71d4c2bcf4962d
-
SHA512
aaf401d5f4a35325677ba978d170204d1305759c763b3d345d2817080cfb0707acb3703548f29db2c520faf3f2ba8835adeec435da59dfea1d3c03527f400ddb
Static task
static1
Behavioral task
behavioral1
Sample
Order-9411574-pdf.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
Order-9411574-pdf.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
xloader
2.5
uar3
sgadvocats.com
mjscannabus.com
hilldaley.com
ksdollhouse.com
hotgiftboutique.com
purebloodsmeet.com
relaunched.info
cap-glove.com
productcollection.store
fulikyy.xyz
remoteaviationjobs.com
bestcleancrystal.com
virtualorganizationpartner.com
bookgocar.com
hattuafhv.quest
makonigroup.com
officecom-myaccount.com
malgorzata-lac.com
e-learningeducators.com
hygilaur.com
kgv-lachswehr.com
salazarcomunicacion.com
robopython.com
corporateequity.online
complianceservicegroup.com
aperza-ex.com
webflowusa.com
asesoriasfinancieras.xyz
missolivesbranches.com
numiquest.com
criskconsultancy.com
gotemup.com
themaptalk.com
lakebalboahalf.com
cateringfrenchcroissant.com
paddocklakerealestate.com
lojaquerosurprezza.store
courtneywhitearmusic.com
geovannimaquinadevendas.online
pricklypairjazz.com
engagedigi.com
conduitforthespirit.com
anaheimaletrail.com
wholesalemall.store
alertsbecu.com
gestion-kayfra.com
youcanstores.com
qsuo.net
formadv.info
dihesia.xyz
carrreir.com
twenteeminuteswithtee.com
realliferenewal.com
officialprokodsukses.icu
stanfordgrouploscabos.com
maxicashpromir.xyz
zysqshjs.com
trc-clicks.com
chsclbd.com
amdproduce.net
republicoflies.com
beaux-parents.com
lucrativeapp.com
milbombas.com
alexanderplaywear.com
Targets
-
-
Target
Order-9411574-pdf.pif
-
Size
249KB
-
MD5
58e91c804bf83bcb330d64d87bdd7abf
-
SHA1
9f00f81e64cbe3445a1f3f5f24976d736e8543ca
-
SHA256
d0d523bb3e44390067122f5b4768ee44811c00f14a344dd70e71d4c2bcf4962d
-
SHA512
aaf401d5f4a35325677ba978d170204d1305759c763b3d345d2817080cfb0707acb3703548f29db2c520faf3f2ba8835adeec435da59dfea1d3c03527f400ddb
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-