General
Target: 5f8114d7abbf7e21f339fe9cc666931a2cd89bc4ef68de6e4030c25800649dc0
Size: 598KB
Sample: 220221-194laacbej
MD5: 227251d9248fc05a0d3708197a9a8782
SHA1: 80b84a5173c97adf94028707705aad0745bb8f31
SHA256: 5f8114d7abbf7e21f339fe9cc666931a2cd89bc4ef68de6e4030c25800649dc0
SHA512: b86c36219d6057ff7b632c0126cf0147ca8627e1436f4d12cf45684327fd59837ad85daa634b546731b8fcd01aed422c6c31de6f509c0be434136890a9eb80ed
Static task: static1
Behavioral task: behavioral1
Sample: Invoice Payment Details.exe
Resource: win7-en-20211208
Malware Config
Extracted
xloader
2.3
kio8
greeaircondition.com
thewilmingtonguide.com
cbluedotlivewdmall.com
globalcrime24.com
heightsplace.com
ghar.pro
asosbira.com
melolandia.com
velactun.com
erniesimms.com
nutbullet.com
drizzerstr.com
hnqym888.com
ghorowaseba.com
1317efoxchasedrive.info
stjudetroop623.com
facestaj.com
airpromaskaccessories.com
wolfetailors.com
56ohdc2016.com
estedindustries.com
magmaplant.net
tf-iot.com
jtkqmz.com
helmihendrahasilbumi.com
audiencetrust.sucks
thespiritualabolitionist.com
lauratoots.com
fantasticsgelato.com
allinoncrypto.site
youremsys.com
awesome-veganism.com
tsunrp.net
systizen.com
73gardinerdrive.com
legamedary.com
newyorkcityhemorrhoidclinic.com
ffhcompany.com
angermgmtathome.com
plantationrevival.com
utopicvibes.net
envirocare-ss.com
domentemenegi20.com
gropedais.club
thaibizgermany.com
noimagreece.com
yogabizhelp.com
sanrenzong.com
bingent.info
chinhphucphaidep.online
dubojx.com
jennaloren.com
thedesigneryshop.com
opera-historica.com
pizzaterry.com
the-aviate.com
perteprampram01.net
pastormariorondon.com
dream-case.com
ocleanwholesaler.com
masdimensiones.com
fireworkstycoons.com
porntvh.com
fixedpriceelectrician.com
smallcoloradoweddings.com
Targets
Target: Invoice Payment Details.exe
Size: 892KB
MD5: 9570c6d8cef329a8984dc89ecc786c28
SHA1: f318481b2fa2cc222bb783974c917f7c2b352c8f
SHA256: a55e49e3dffd386fbe1b8cfdafb4bcca81264b48e1fa2f9d68a7b8b12ec2bc7e
SHA512: 3f1a3827be7daa886136c039b22a91d8c577e18f651cb414a2f9ebae258e45772533f17253f58a600c05b1307ef618ec6dd49ceebc5128333f53f83068293251
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext