General
-
Target
Purchase Order FEB22_76543.zip
-
Size
550KB
-
Sample
220216-stbassdbbp
-
MD5
a6100f51a524d227aa5cdbd72d594eaa
-
SHA1
ce29b05189296e93ac8302b848fe51c541651697
-
SHA256
3113b0fca0c98040820bffbc1dfb34b9252a73765a37de7d753f8d4cc318a425
-
SHA512
389591a5191834fbf288c6c06a70ae23dea044f4e9f3a04768d0959efa830ee992aa183db81bc09c8f391f78a7d2912adbc155684ec061d05fb271469f585aec
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Order FEB22_76543.exe
Resource
win7-en-20211208
Malware Config
Extracted
xloader
2.5
zqzw
laurentmathieu.com
nohohonndana.com
hhmc.info
shophallows.com
blazebunk.com
goodbridge.xyz
flakycloud.com
bakermckenziegroups.com
formation-adistance.com
lovingearthbotanicals.com
tbrservice.plus
heritagehousehotels.com
drwbuildersco.com
lacsghb.com
wain3x.com
dadreview.club
continiutycp.com
cockgirls.com
48mpt.xyz
033skz.xyz
gmconstructionlnc.com
ms-mint.com
aenrione.xyz
honxuan.com
snowmanvila.com
cig-online.com
valetvolley.com
bjsnft.com
bennystrom.com
flw.ink
clarissagrandiart.com
samfamstudio.com
pamschams.com
edgar-regale.com
combi-tech.tech
00xwq.online
eclipseconstrucciones.com
plick-click.com
dive.education
regenelis.com
blue-chipwordtoscan-today.info
xn--rsso51aevf65u.com
maonagrana.com
lucasdebatintrader.com
cassijohnson.com
roeten.online
into-concrete.xyz
motovip.store
floryfab.com
slkykq.com
vidyakala.com
stairwaystowealth.com
meganandbobbyprine.com
arestradings.com
emilyschlueter.com
platanin.com
hnhstudios.com
dmembutidos.com
dcassorealtor.com
megamobil.wien
001skz.xyz
5t45urfgurkhgbvkhbuh.com
a3hd.com
newmexicotruckwrecklawyers.com
trabaho-academy.net
Targets
-
-
Target
Purchase Order FEB22_76543.exe
-
Size
707KB
-
MD5
427ef5f4e1143ad34c33b26dc4681661
-
SHA1
673fb1a58e4707ad783d03ca97b3fbd8b4cad73a
-
SHA256
cd4ee025ad3406b7e572952d42465eee19649cef6c0d3a6acbb0e972096988f4
-
SHA512
b225afbb07853516f1b741e833e1a63026c0dc5adbb0c3fcfb48f8c6681bc770558499df3d3f5c17df45395dedc3624a1e8fa6498395ac20a82f44e27a61dfbb
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-