General
Target: 110322Payment Advice.img.iso
Size: 310KB
Sample: 220312-lssp5aecgm
MD5: c7419b425343a9f6734ba81a6db03f3a
SHA1: 5e5e94b09518f300f214012f650affed33f1f04a
SHA256: b926e5e1a831d7c2db2fecb803943b65e2ee235e2995d62efc36fbbbb5b1b916
SHA512: 2b395667546f193e76321647c625f57071755a7fcc3a4c776031374dc2fdd6e87e78480e54935770e62573f299d284cfd2ae0265e5ff8d9908c52760b5769754
Static task: static1
Behavioral task: behavioral1
Sample: 110322Payment Advice.img.exe
Resource: win7-20220310-en
Malware Config
Extracted
xloader
2.5
be4o
neonewway.club
kuanghong.club
7bkj.com
ooo-club.com
kamchatka-agency.com
sjsndtvitzru.mobi
noireimpactcollective.net
justbe-event.com
easypeasy.community
southcoast.glass
janhenningsen.com
jmxyjj.com
tarihibilet.com
nagradi7.com
percentrostered.net
certvaxid.com
kingseafoodsydney.com
blacksheepwalk.com
waktuk.com
inteligenciaenrefrigeracion.com
marvinhull.com
fikretbayrakdar.com
rsxrsh.com
vastukalabid.com
belindahulett.com
aibet888.club
icarus-groupe.com
vendasdigitaisonline.com
fairytalepageants.com
imaginativeprint.com
quanqiu55555.com
owensigns.com
kaikkistore.com
dreamintelligent.com
piqqekqqbpjpajbzvvfqapwr.store
mariachinuevozacatecas24-7.com
glenndcp.com
vaughnediting.com
10dian-3.com
buresdx.com
itservon.com
buyingusedfurniture.com
elektropanjur.com
logotzo.com
eaglesaviationexperience.com
antoniopasciuti.com
personas1web.com
hvbatterystore.com
ksustudyabroad.com
4huav946.com
gojajix.xyz
kennycheng.tech
traditionnevertrend.com
mytrainermatrix.online
basculasperu.com
eljkj.com
teleconstructiongroup.com
28682df.com
altimiravet.com
worldplantaward.com
mydxza.com
josiemaran-supernatural.com
brainymortgage.info
diffamr.net
istemnetwork.com
Targets
Target: 110322Payment Advice.img.exe
Size: 249KB
MD5: f3e667cfdaab4b2c48deb58a2bfbb2e7
SHA1: 7f6990e35ee10a42563626c9e9a62e1700866c9a
SHA256: bc0de8eda13f83b92b696086e054c0d2fe64cc1186ab36ed84fa58eb8e8c7906
SHA512: d8eda03fa256ed1a3d0b05bf960d282618fa5d6a9cd8cc270969d33a394c83619d6b517e34538381b51b83fe1d1fd266d1efa6d579a9e72c763fa5c2a521d09f
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Suspicious use of SetThreadContext