General
Target: Purchase Order.exe
Size: 300KB
Sample: 220321-pt3hhacdaj
MD5: 4f330209cb5f706da6ac858c06f9ef48
SHA1: 703aae256afa3bc08683f2332a06d5e11dd147aa
SHA256: 704f63330e41ba5e17d5c0628e755ac3acd41392b43d72ed951900eaf78141cd
SHA512: 9afcb75544d24690c604f72e83205ec83c5641af45018c91f058ced29224b40cf356125ef3d1663d3891373a35e132ff92903c14009234779c9960f4486f65f6
Static task: static1
Behavioral task: behavioral1
Sample: Purchase Order.exe
Resource: win7-20220311-en
Malware Config
Extracted
xloader
2.5
noi6
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext