General
-
Target
Order-71130319-pdf.img
-
Size
1.2MB
-
Sample
220209-kxyaqshhgp
-
MD5
5cf5b72a5be2ece2f08e71896e8494bb
-
SHA1
8b8fbf43e29d6cbbdaaf1bb4f02d7edba28f1908
-
SHA256
f6322fb68a262178737fa6c63ba5c075c3d78ae0dd5b278326ffcb6f7f3efe59
-
SHA512
37b2a8943449355b86e9f0af1ca00a699cae4db945486f6d91d8cfdd2b17b1bab876bec76f539b70f4a459302c60c3ff171bd33f335a6d7ef96f8d51f0bf69ed
Static task
static1
Behavioral task
behavioral1
Sample
ORDER_71.exe
Resource
win7-en-20211208
Malware Config
Extracted
xloader
2.5
uar3
sgadvocats.com
mjscannabus.com
hilldaley.com
ksdollhouse.com
hotgiftboutique.com
purebloodsmeet.com
relaunched.info
cap-glove.com
productcollection.store
fulikyy.xyz
remoteaviationjobs.com
bestcleancrystal.com
virtualorganizationpartner.com
bookgocar.com
hattuafhv.quest
makonigroup.com
officecom-myaccount.com
malgorzata-lac.com
e-learningeducators.com
hygilaur.com
kgv-lachswehr.com
salazarcomunicacion.com
robopython.com
corporateequity.online
complianceservicegroup.com
aperza-ex.com
webflowusa.com
asesoriasfinancieras.xyz
missolivesbranches.com
numiquest.com
criskconsultancy.com
gotemup.com
themaptalk.com
lakebalboahalf.com
cateringfrenchcroissant.com
paddocklakerealestate.com
lojaquerosurprezza.store
courtneywhitearmusic.com
geovannimaquinadevendas.online
pricklypairjazz.com
engagedigi.com
conduitforthespirit.com
anaheimaletrail.com
wholesalemall.store
alertsbecu.com
gestion-kayfra.com
youcanstores.com
qsuo.net
formadv.info
dihesia.xyz
carrreir.com
twenteeminuteswithtee.com
realliferenewal.com
officialprokodsukses.icu
stanfordgrouploscabos.com
maxicashpromir.xyz
zysqshjs.com
trc-clicks.com
chsclbd.com
amdproduce.net
republicoflies.com
beaux-parents.com
lucrativeapp.com
milbombas.com
alexanderplaywear.com
Targets
-
-
Target
ORDER_71.PIF
-
Size
262KB
-
MD5
78c4e0ee7d553496e9123839c8fa144c
-
SHA1
ff5f5c69e406500adff16452c71bf4e0c1322455
-
SHA256
3c281d772b25ef5bed141574c037855aee8321aec2f3dd272c3526af659795dc
-
SHA512
832989a7bcbe37d6664934e1d57e95ed55cc8eb635e962bae8070e4bc68f6a4707789105069c2bf8277d1154a0034b7fcf7807c38e66820810e63e5475a948ae
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
Xloader Payload
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-