General
Target: Purchase Order..exe
Size: 762KB
Sample: 220221-zxvl6sbhfn
MD5: 856532151e634510511b4a686ecc3e85
SHA1: 7a775814e8da28814d135c3225474b214bac9bd5
SHA256: f840b70fdadb374f3b3e6829a5d0ffd76eafb4da162b1be0874fa2d08172dde8
SHA512: 7b0b0fd4d268d2597e5c71a9d598fbf0a191dbb1d3af8c0e2a06c6d0bc318147e30a3a82ebbafc01697e0cc5ae819b4c6fc709aa6c7315e05cf599853e903b79
Static task: static1
Behavioral task: behavioral1
Sample: Purchase Order..exe
Resource: win7-en-20211208

Malware Config
Extracted: xloader
Version: 2.5
Campaign: b8eu

Targets
Target: Purchase Order..exe
Size: 762KB
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext