General
Target: PO 042022_pdf.exe
Size: 302KB
Sample: 220315-ss7mlsbeak
MD5: e11ad2dea6d6f7e0c18f7bcd68145c0b
SHA1: afd9685a534c21a71a66c51753579a8df45b2da3
SHA256: b35221e7befb183f64023ff8fe5bffbd5d784780be6f3036e8ad62756273df77
SHA512: 7c271ccb18f446776d2b60ded398e0f6cc607e52aaaa8efe18a9f3967924082dd94e93722055343fe12818b00641fb3d3e9d597465786803827f6ce78f4a86e2
Static task: static1
Behavioral task: behavioral1
Sample: PO 042022_pdf.exe
Resource: win7-20220310-en
Malware Config
Extracted
xloader
2.5
ubqk
Targets
-
Target
PO 042022_pdf.exe
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-