General
Target: Scan 28837646737664829193848843 pdf.exe
Size: 1.2MB
Sample: 220323-kydygsfdhl
MD5: 3ebd21231dabb0ade99fee5da48309a2
SHA1: 1df621e0616b6a0c2c5ec0acd2d27ec8ea72e097
SHA256: b10824c56d2ef6aa6af1474f898e5578bb6f6155eb4f9cd63ef3e7fd36c2a827
SHA512: c4ec1e6010bb1d78b4f342b03e415c7118d0075d162e5ae9492e056499a22a581ac5d3568c9d17522c994fcfad35f9e7d7e12ff39d15939d8cef8f552da5321a
Static task: static1
Behavioral task: behavioral1
Sample: Scan 28837646737664829193848843 pdf.exe
Resource: win7-20220311-en
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: ubqk
C2 domains (65 listed; XLoader configs carry decoy domains alongside the live C2, and the sample contacts decoys too, so treat every entry as an indicator rather than as 65 live servers):
tundrat-celltherapy.com
superfinance.club
5x5week.com
687504.com
clarkdn.com
potterypklsck.xyz
4m5k.com
21t8.com
94o2ohfjg.com
bhupendratravels.com
nomadashop.com
w388bet.bet
naturalenetwork.net
tupaqu.com
osooir.com
jengly.com
cbsharjah.icu
tokowallpaperbekasi.com
baggamut.com
upoon81.com
thenewfitnessheros.com
uplearns.info
ansp3.xyz
alamocitywrap.com
queroseusucesso.com
stoneandreesteam.com
sdtcm.quest
bicoastalhempconnect.com
northcarolinahempcrete.com
frator.xyz
arches2.com
reyuzed.com
klamc.xyz
fesoftware.net
montecristo.network
enrolltx.com
xebervaxti.info
kioskpass.com
obio-energi.com
metamode.xyz
linyiqingzhou.com
lawajay.com
compmastrdocxc.store
artscience.xyz
graphic-touch.com
metaversetoken.digital
candgconstructiontx.com
insighttactics.net
ameripriseonnet.net
llaa12.xyz
taoluzhibo.show
biensetservicesenlimo.com
hospifancy.com
marmitafitcomamor.space
anapriscilamarketing.com
falak-online.com
gvcthailand.com
xalixiang.com
atencionespecializada24hrs.com
bravasestudio.com
chek-enterprises.com
zikdating.com
dolphincomputergsk.com
tara88.com
3cnew.com
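The portable indicators from this report are the file hashes and the extracted domain list (the " pdf.exe" filename is a double-extension lure and will change between lures). The following is an added Python example, not part of the sandbox report or of any vendor tooling, that checks file bytes against the report's hashes and sweeps proxy/DNS log lines for the config domains. The log lines and the file bytes are constructed for the example; the `SAMPLE_HASHES` values and the domains in `CONFIG_DOMAINS` are copied from the report (only a subset of the 65 domains is embedded).

```python
"""Match the XLoader report's indicators against constructed log lines and
file contents. Hashes and domains are from the report; everything else here
(log lines, file bytes, log format) is made up for the example."""
import hashlib
import re
from typing import Optional

# Hashes of the analysed sample (copied from the report).
SAMPLE_HASHES = {
    "md5": "3ebd21231dabb0ade99fee5da48309a2",
    "sha1": "1df621e0616b6a0c2c5ec0acd2d27ec8ea72e097",
    "sha256": "b10824c56d2ef6aa6af1474f898e5578bb6f6155eb4f9cd63ef3e7fd36c2a827",
}

# Subset of the 65 config domains; paste in the remainder from the report for
# real use. XLoader beacons to decoys as well as the live C2, so any hit is
# worth an alert even though most entries are decoys.
CONFIG_DOMAINS = {
    "tundrat-celltherapy.com", "superfinance.club", "5x5week.com",
    "687504.com", "clarkdn.com", "potterypklsck.xyz", "4m5k.com",
    "tara88.com", "3cnew.com",
}

_URL_HOST = re.compile(r"https?://([^/\s:]+)", re.I)      # host part of a URL
_DNS_QUERY = re.compile(r"query:\s*([a-z0-9.-]+)", re.I)  # assumed DNS log shape


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests so all three report hashes can be compared."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


def is_known_sample(data: bytes) -> bool:
    """True when every digest matches the report (sha256 alone would suffice)."""
    digests = hash_bytes(data)
    return all(digests[a] == SAMPLE_HASHES[a] for a in SAMPLE_HASHES)


def extract_host(line: str) -> Optional[str]:
    """Pull a hostname out of a proxy (URL) or DNS ('query: name') log line."""
    m = _URL_HOST.search(line) or _DNS_QUERY.search(line)
    return m.group(1).lower().rstrip(".") if m else None


def matched_config_domain(host: str) -> Optional[str]:
    """Return the config domain that host equals or sits under (www.x.com -> x.com)."""
    for domain in CONFIG_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def scan_log(lines) -> list:
    """Return (line, matched_domain) for every line touching a config domain."""
    hits = []
    for line in lines:
        host = extract_host(line)
        if host:
            domain = matched_config_domain(host)
            if domain:
                hits.append((line, domain))
    return hits


# Constructed log lines (not from the report): a proxy hit on a config domain,
# a DNS hit on another, and one benign line.
SAMPLE_LOG = [
    "2022-03-22T10:14:02Z ws17 proxy GET http://www.tundrat-celltherapy.com/check/?id=1 200",
    "2022-03-22T10:14:05Z ws17 dns query: www.687504.com type A",
    "2022-03-22T10:15:11Z ws03 proxy GET https://example.org/index.html 200",
]

if __name__ == "__main__":
    for line, domain in scan_log(SAMPLE_LOG):
        print(f"config domain {domain}: {line}")
    # Constructed bytes, so this prints False; pass real file contents to check.
    print("known sample:", is_known_sample(b"not the sample"))
```

Domain matching is done by suffix rather than equality because the family prefixes hosts with "www." in its requests, and a hash match on a quarantined file is conclusive while a domain hit is a lead to pivot on (the Suricata check-in alert in the report is the corroborating network signal).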
Targets
Target: Scan 28837646737664829193848843 pdf.exe
Size: 1.2MB
MD5: 3ebd21231dabb0ade99fee5da48309a2
SHA1: 1df621e0616b6a0c2c5ec0acd2d27ec8ea72e097
SHA256: b10824c56d2ef6aa6af1474f898e5578bb6f6155eb4f9cd63ef3e7fd36c2a827
SHA512: c4ec1e6010bb1d78b4f342b03e415c7118d0075d162e5ae9492e056499a22a581ac5d3568c9d17522c994fcfad35f9e7d7e12ff39d15939d8cef8f552da5321a
Suricata: ET MALWARE FormBook CnC Checkin (GET) (XLoader is the successor of FormBook, so the FormBook check-in rule fires on its C2 traffic)
Signatures:
Xloader Payload
Suspicious use of SetThreadContext (thread-context rewriting of the kind used for process hollowing and injection)