General
- Target: Product_Order#250422.exe
- Size: 257KB
- Sample: 220426-gcv34afcak
- MD5: 265de87c891fc42f378339b4ce0406f5
- SHA1: 76dee4e7e7c2f22da904b6629880c3f89dca8fed
- SHA256: 2affbb57b10032083dc1fe15a3c1ff1a2aa0b59f74b4ac6d094e94db6a650faa
- SHA512: ca3e0a56c00928958f406ea5841b8c3f21076cd57e31c1818f8801addb7d0436aaf75bc3ae75f0a859fd7601b8dd8569ee658892bff00124324bc76b1a327f4f
Static task: static1
Behavioral task: behavioral1
- Sample: Product_Order#250422.exe
- Resource: win7-20220414-en
Malware Config
- Extracted: xloader 2.5 dx3n
Targets
- Target: Product_Order#250422.exe
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext