General
-
Target
PAYMENT INSTRUCTIONS COPY.exe
-
Size
338KB
-
Sample
220225-lfw7sahaaq
-
MD5
c3ed9e3e0a175a9b8cf5cf02598e99b1
-
SHA1
444452c7815dc8fb47ad829af43ec0527f6bcc57
-
SHA256
37fb6b86524033fb07847e3550977bd8028701039465431bd89a33e870ff2c4d
-
SHA512
632e314f921bf8a13f2f04aa2270b87fa7e29f00e35d941260f24c1d08b1bcfae8b58823629bed3d2c5d6bf480619c8aa97523ca33d1d68ce3ea2a90bd3fd363
Static task
static1
Behavioral task
behavioral1
Sample
PAYMENT INSTRUCTIONS COPY.exe
Resource
win7-en-20211208
Malware Config
Extracted
xloader
2.5
yrcy
Targets
-
-
Target
PAYMENT INSTRUCTIONS COPY.exe
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-