General
Target: paking list PO no. 4600033008.exe
Size: 929KB
Sample: 220404-kbtqesghak
MD5: 7a7964624fb816e0e1eb5fbc4f1c60b9
SHA1: 67ac0d219fc0f36a8781efbd3ce679d03e7f51da
SHA256: 08bb3c1e40fec4d0cec3b6cf4d0cc4363b5f3544358d77ba94611a812f1eac62
SHA512: d6a95b3fd7e0afed8b883660a95c03f761328651b078635483c2f42c8aa295892883e294cc7f93f0532ae4df6c55f45c0f88a0158d4867b821f91a846594fbb7
Static task: static1
Behavioral task: behavioral1
Sample: paking list PO no. 4600033008.exe
Resource: win7-20220331-en
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: n8bs
Domains (Xloader/FormBook configs embed a list of decoy domains alongside the real C2, and the sandbox does not distinguish them; treat the list as a whole as indicators, not as confirmed C2 infrastructure):
monese-bank.com
silkypumps.xyz
tashabouvier.com
eduardoleonsilva.com
pinnaclecorporaterentals.com
megafluids.com
worldwidecarfans.com
benjamlnesq.com
unitedraxiapp.com
thetanheroes.com
jypmore.quest
indianasheriffs.biz
saintinstead.com
alldansmx.com
trulyproofreading.com
indotogel369.com
mermadekusse.store
radosenterprisellc.com
gseequalservices.com
techride.xyz
2031corp.com
centelytics.com
payperlivecalls.com
iphone13promax.guide
leadslingerstraining.com
generateideasint.com
afgelocal2741.com
n-visionlearning.com
strumagokart.quest
noisesocial.com
completefilmguide.com
mawuyrapaulin.com
heptagonfx.com
hype-clicks.com
uxog0.online
932381.com
trumpetrofnky.xyz
samudombang.com
hairtederionos.com
10karmy.com
nangniubanchanviet.online
brooklynprowellness.com
rockstarcleaningclub.com
rollnwin.top
breastextra.com
zahad-riedel.com
xuebqufvcdbgbqypuywgntpy.store
blogging2success.com
cnshippingagency.com
danielquasar.net
allthingsdog.info
legaltulsa.com
pure-impression.store
jonbeedle.com
ndtailgateofchampions.com
steelhorserescue.com
smart-realy.com
rebornmkt.com
zaktheme.xyz
myfranciscanshoe.com
linkedinupdate.com
fulviopires.com
magicspaces.digital
avtoshop761.com
myveguiolcusbyopappgroup.com
Targets
Target: paking list PO no. 4600033008.exe (929KB; hashes as listed under General above)
Suricata alerts:
  ET MALWARE FormBook CnC Checkin (GET)
  ET MALWARE FormBook CnC Checkin (GET)
Signatures:
  Xloader Payload
  Suspicious use of SetThreadContext