General
-
Target
New purchase Order.exe
-
Size
477KB
-
Sample
220521-b3abeschd8
-
MD5
dd481272bd8f9e8ca40868e4a90db854
-
SHA1
8871b4d7173d89b539aa1b3e91139cb4c0ce744e
-
SHA256
8edf8a8b1972c8dd05a960b7a79a7a87c8977b69b700ab9db28bab9207b8b267
-
SHA512
168ed59d8f6edd7b37b44441480e59fdef67beb35487974aec59aa36852407c75d5537532f6cd0104327516fd2e0359fadb6fe56a8def782864413df341761a8
Static task
static1
Behavioral task
behavioral1
Sample
New purchase Order.exe
Resource
win7-20220414-en
Malware Config
Extracted
xloader
2.6
a8hq
veteransductcleaning.com
beajtjunkies.com
houseofascofi.com
scottsdalemediator.com
atelyadesign.com
profitcase.pro
imtokenio.club
qinglingpai.com
bigsmile-meal.net
daytonlivestream.com
aspiradores10.online
ytybs120.com
hdatelier.com
bearpierce.com
yeson28ca.com
booklearner.com
m8j9.club
mmophamthinhlegend.space
hq4a7o6zb.com
sophiadaki.online
sunraiz.site
calorieup.com
vighneshequipments.com
695522z.xyz
xjfhkjy.com
jcpractice.xyz
micahriffle.com
babiezarena.com
heythatstony.com
bmtjt.com
aete.info
yeyeps.com
chafaouihicham.com
globalider.com
uwksu.com
jimmy.technology
theveatchplantation.com
devondarcy.com
suburbpaw.online
ballsfashion.com
devsecops-maturity-analysis.net
naturealizarte.com
jpvuy.icu
algoworksconsulting.com
51jzsy.com
the-arboretum.net
sportsmachine.xyz
kemanewright.com
transporteslatinoberlin.com
multirollup.xyz
anaconda-otome.xyz
cheneiz.net
hillsbororosewoodresidences.com
sanphamgiadinh.xyz
xml-ott.com
aimdistributors.net
powergenaku.com
pt24lotto.info
healthyaging.partners
westsuits.com
decentralwebapp.online
mytropicaldreams.com
pravit-ball.online
northern-lights.info
simcondo.com
Targets
-
-
Target
New purchase Order.exe
-
Size
477KB
-
MD5
dd481272bd8f9e8ca40868e4a90db854
-
SHA1
8871b4d7173d89b539aa1b3e91139cb4c0ce744e
-
SHA256
8edf8a8b1972c8dd05a960b7a79a7a87c8977b69b700ab9db28bab9207b8b267
-
SHA512
168ed59d8f6edd7b37b44441480e59fdef67beb35487974aec59aa36852407c75d5537532f6cd0104327516fd2e0359fadb6fe56a8def782864413df341761a8
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-