General
Target: RECEIPT 0266255252.pif
Size: 300KB
Sample: 220301-n4lgasbeap
MD5: c7012ce63b4ed9e49bf7be48fc27beae
SHA1: 8c91c8e2a90b9e9b3d3dde1fb32e02e5de5dd347
SHA256: b3babb49432b3d09adbf7e79dfb2fe84f4d417ad394ccd59412c9e083a42a673
SHA512: 6ded1f1974ace78c102fc60e65cef89b664860edd87938af9efa1b4574de43667b614fbc19f49fae2d018180a2a706181982179193bba5c5ccac565758ee2e60
Static task: static1
Behavioral task: behavioral1
Sample: RECEIPT 0266255252.exe
Resource: win7-en-20211208
Malware Config
Extracted family: xloader
Version: 2.5
Campaign: rmfg
Targets
Target: RECEIPT 0266255252.pif
Signatures
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext