General
Target: Scan USD71,450, 1377447785944885774767657488838373732727722 pdf.exe
Size: 604KB
Sample: 220330-gak54schen
MD5: d732209429d28d723d16e5dc44dac44a
SHA1: b18407ce232d02630d81ca5ddbfa48048be0986f
SHA256: 5b7e6064da84bcf2e74e9c66e3a05c6f92c4804d28406e9ec91a4ae3de4d1fe7
SHA512: f2f87f618bbe52bc6d5dce819a15b39fcba7bbd9018bfd47076975d7bccdf13d3bbb2d8375cf7893d9248979a99b3b721da8d7c5ab70caeb0ee765810a35835b
Tasks
Static task: static1
Behavioral task: behavioral1
Sample: Scan USD71,450, 1377447785944885774767657488838373732727722 pdf.exe
Resource: win7-20220311-en
Malware Config (extracted)
Family: xloader
Version: 2.5
Campaign: ubqk
Domains:
tundrat-celltherapy.com
superfinance.club
5x5week.com
687504.com
clarkdn.com
potterypklsck.xyz
4m5k.com
21t8.com
94o2ohfjg.com
bhupendratravels.com
nomadashop.com
w388bet.bet
naturalenetwork.net
tupaqu.com
osooir.com
jengly.com
cbsharjah.icu
tokowallpaperbekasi.com
baggamut.com
upoon81.com
thenewfitnessheros.com
uplearns.info
ansp3.xyz
alamocitywrap.com
queroseusucesso.com
stoneandreesteam.com
sdtcm.quest
bicoastalhempconnect.com
northcarolinahempcrete.com
frator.xyz
arches2.com
reyuzed.com
klamc.xyz
fesoftware.net
montecristo.network
enrolltx.com
xebervaxti.info
kioskpass.com
obio-energi.com
metamode.xyz
linyiqingzhou.com
lawajay.com
compmastrdocxc.store
artscience.xyz
graphic-touch.com
metaversetoken.digital
candgconstructiontx.com
insighttactics.net
ameripriseonnet.net
llaa12.xyz
taoluzhibo.show
biensetservicesenlimo.com
hospifancy.com
marmitafitcomamor.space
anapriscilamarketing.com
falak-online.com
gvcthailand.com
xalixiang.com
atencionespecializada24hrs.com
bravasestudio.com
chek-enterprises.com
zikdating.com
dolphincomputergsk.com
tara88.com
3cnew.com
Targets
Target: Scan USD71,450, 1377447785944885774767657488838373732727722 pdf.exe
Size: 604KB (MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures:
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Suspicious use of SetThreadContext