General
Target: RECEIPT REF NO 002627262.pif
Size: 302KB
Sample: 220223-rk1cwsbgcm
MD5: 5d333987aafbd8bf8df57e9b9e56b4ac
SHA1: c7bc50b60c4b20e1bf40eed679def38e46c0fb13
SHA256: 3353fe4567105c292bdae27525448f7d7a5d0b174e097355ff04e75057dd63f3
SHA512: 38eccdd1bd52da95835c8305257aa0b548a7582d04a87f2c06e82365cf00fdd699cb6ecc46b40146a658b9f4efae562141d809ad7b05ddfebc5d694b6417e517
Static task: static1
Behavioral task: behavioral1
Sample: RECEIPT REF NO 002627262.exe
Resource: win7-20220223-en
Malware Config
Extracted
xloader
2.5
rmfg
Targets
Suspicious use of NtCreateProcessExOtherParentProcess
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Adds policy Run key to start application
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext