General
Target: e30ab582725d38d32c525a049ec3fd428d674aaf7e18122cb420e1955f54ea4b
Size: 282KB
Sample: 220208-cfxnwacaan
MD5: 5079465c9ae91ed612898977a68bc39e
SHA1: 934de71e2de011af1811c28480fcaa1cb172f999
SHA256: e30ab582725d38d32c525a049ec3fd428d674aaf7e18122cb420e1955f54ea4b
SHA512: 7b15375d6ebab8a3ba99bb459f0d5cb36bfefccc4627f4b7d08d76b37286b08e66aa5f9e33b84249b6e7caeec655b7188bcaeb938bed63e424016d407d70a8c8
Static task: static1
Behavioral task: behavioral1
Sample: 30 percento,pdf.exe
Resource: win7-en-20211208
Malware Config
Extracted
Family: xloader
Version: 2.3
Campaign: kio8
Domains (the family pads its configuration with decoy domains that it contacts alongside its real C2, so most of the entries below are not attacker infrastructure; use them as hunting indicators and correlate with the network signature before blocking):
greeaircondition.com
thewilmingtonguide.com
cbluedotlivewdmall.com
globalcrime24.com
heightsplace.com
ghar.pro
asosbira.com
melolandia.com
velactun.com
erniesimms.com
nutbullet.com
drizzerstr.com
hnqym888.com
ghorowaseba.com
1317efoxchasedrive.info
stjudetroop623.com
facestaj.com
airpromaskaccessories.com
wolfetailors.com
56ohdc2016.com
estedindustries.com
magmaplant.net
tf-iot.com
jtkqmz.com
helmihendrahasilbumi.com
audiencetrust.sucks
thespiritualabolitionist.com
lauratoots.com
fantasticsgelato.com
allinoncrypto.site
youremsys.com
awesome-veganism.com
tsunrp.net
systizen.com
73gardinerdrive.com
legamedary.com
newyorkcityhemorrhoidclinic.com
ffhcompany.com
angermgmtathome.com
plantationrevival.com
utopicvibes.net
envirocare-ss.com
domentemenegi20.com
gropedais.club
thaibizgermany.com
noimagreece.com
yogabizhelp.com
sanrenzong.com
bingent.info
chinhphucphaidep.online
dubojx.com
jennaloren.com
thedesigneryshop.com
opera-historica.com
pizzaterry.com
the-aviate.com
perteprampram01.net
pastormariorondon.com
dream-case.com
ocleanwholesaler.com
masdimensiones.com
fireworkstycoons.com
porntvh.com
fixedpriceelectrician.com
smallcoloradoweddings.com
Targets
Target: 30 percento,pdf.exe
Size: 221KB
MD5: 9b1ec43999de28a3228942e815c72bed
SHA1: d37380fab9b73c2d9cfdf93710a30e7bfd26309a
SHA256: 17dbd8dd053a49bd380a82768b7f8d115d84f81382afa6913164327cb237de5b
SHA512: 2060a1f945d431b578cb8ab774a577edcb7c6950ef2ae27b0fea28b7db3b302fe7f12643262763b8219ffc6932f013f9b01489970609e52c1a8402d7ba8ac34b
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Deletes itself
Loads dropped DLL
Suspicious use of SetThreadContext (thread context rewriting, the usual injection step of process hollowing)
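The extracted configuration and the signatures above can be turned into machine-readable indicators and used for hunting. The Python below is an added example, not code from the report or from the Triage service: it parses a constructed excerpt of this page (hashes copied verbatim, only four of the config domains kept), refuses digests of the wrong length so a truncated hash cannot become a bogus IOC, and then runs the domain list over made-up DNS query lines. Because XLoader/FormBook pads its configuration with decoy domains that it contacts alongside its real C2, one lookup of a listed domain is weak evidence; the example therefore flags only hosts that resolved several distinct config domains, which is the beaconing pattern rather than a user visiting a decoy site. The log format and the host names are assumptions.

```python
"""Parse the report above into IOCs and hunt for its domains in DNS logs.
Added example, not code from the report or the Triage service. REPORT is a
constructed excerpt (hashes verbatim, four config domains); DNS_LOG is made up."""
import re
from dataclasses import dataclass, field

REPORT = """\
Target: e30ab582725d38d32c525a049ec3fd428d674aaf7e18122cb420e1955f54ea4b
MD5: 5079465c9ae91ed612898977a68bc39e
SHA1: 934de71e2de011af1811c28480fcaa1cb172f999
Family: xloader
Version: 2.3
Campaign: kio8
Domains:
greeaircondition.com
thewilmingtonguide.com
cbluedotlivewdmall.com
ghar.pro
Target: 30 percento,pdf.exe
MD5: 9b1ec43999de28a3228942e815c72bed
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
"""
# Constructed DNS log: timestamp, client host, record type, query name.
DNS_LOG = """\
2022-02-08T10:12:01Z WS-0412 A greeaircondition.com
2022-02-08T10:12:03Z WS-0412 A www.thewilmingtonguide.com
2022-02-08T10:12:04Z WS-0412 A example.org
2022-02-08T10:12:05Z WS-0199 A ghar.pro
"""
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
DOMAIN_RE = re.compile(r"^[a-z0-9][a-z0-9.-]*\.[a-z]{2,}$", re.I)


@dataclass
class Iocs:
    hashes: list = field(default_factory=list)   # (algo, digest), duplicates dropped
    family: str = ""
    version: str = ""
    campaign: str = ""
    domains: list = field(default_factory=list)
    alerts: list = field(default_factory=list)   # one entry per Suricata hit


def parse_report(text: str) -> Iocs:
    """Read 'Key: value' lines; bare lines after 'Domains:' are config domains."""
    iocs, in_domains = Iocs(), False
    for raw in text.splitlines():
        ln = raw.strip()
        if not ln or ln == "-":                  # blank lines and bullet residue
            continue
        key, sep, val = ln.partition(": ")
        if in_domains:
            if not sep and DOMAIN_RE.match(ln):
                iocs.domains.append(ln.lower())
                continue
            in_domains = False                   # first non-domain line ends the list
        if key in HASH_LEN:
            digest = val.lower()
            # Refuse truncated or non-hex digests rather than storing junk IOCs.
            if len(digest) != HASH_LEN[key] or not re.fullmatch(r"[0-9a-f]+", digest):
                raise ValueError(f"bad {key} digest: {val!r}")
            if (key, digest) not in iocs.hashes:
                iocs.hashes.append((key, digest))
        elif key == "Family":
            iocs.family = val
        elif key == "Version":
            iocs.version = val
        elif key == "Campaign":
            iocs.campaign = val
        elif key == "suricata":
            iocs.alerts.append(val)
        elif ln.startswith("Domains"):
            in_domains = True
    return iocs


def match_dns(log: str, domains: list) -> list:
    """Return (host, query, config_domain) for queries to a listed domain or a subdomain of it."""
    hits = []
    for line in log.splitlines():
        _, host, _, query = line.split()
        q = query.lower().rstrip(".")
        for d in domains:
            if q == d or q.endswith("." + d):
                hits.append((host, q, d))
                break
    return hits


def suspicious_hosts(hits: list, threshold: int = 2) -> list:
    """Hosts that resolved at least `threshold` distinct config domains.
    One lookup may be a user visiting a legitimate decoy site; several listed
    domains from one host is the decoy-plus-C2 beaconing pattern."""
    seen = {}
    for host, _, d in hits:
        seen.setdefault(host, set()).add(d)
    return sorted(h for h, ds in seen.items() if len(ds) >= threshold)
```

Feed it the page as exported and a real DNS log in the same four-column shape; lower the threshold only if your logs already filter to non-browser processes, since the decoy domains are ordinary websites that users may legitimately visit.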