General
-
Target
shipping docs.exe
-
Size
492KB
-
Sample
220608-nwp5hsgdbj
-
MD5
7da04dc46171bc1ec53f1c141ed80e44
-
SHA1
2c4044f32cfcabb32d1ab4df0467d0ccd3452105
-
SHA256
4330d9c1362dfccf1ad5d79cc9329abe6f4a7685a2169b7e42de68a1b1e50b3a
-
SHA512
365b4262427a335fa5b6a2bbc8909365bead264fcc98160c5c8d9828e141a67d4b1ac97b5cc9e5bd054659a66fa63fc54ea523538286ecc665cf39d68af4378e
Static task
static1
Behavioral task
behavioral1
Sample
shipping docs.exe
Resource
win7-20220414-en
Malware Config
Extracted
xloader
2.6
a8hq
veteransductcleaning.com
beajtjunkies.com
houseofascofi.com
scottsdalemediator.com
atelyadesign.com
profitcase.pro
imtokenio.club
qinglingpai.com
bigsmile-meal.net
daytonlivestream.com
aspiradores10.online
ytybs120.com
hdatelier.com
bearpierce.com
yeson28ca.com
booklearner.com
m8j9.club
mmophamthinhlegend.space
hq4a7o6zb.com
sophiadaki.online
sunraiz.site
calorieup.com
vighneshequipments.com
695522z.xyz
xjfhkjy.com
jcpractice.xyz
micahriffle.com
babiezarena.com
heythatstony.com
bmtjt.com
aete.info
yeyeps.com
chafaouihicham.com
globalider.com
uwksu.com
jimmy.technology
theveatchplantation.com
devondarcy.com
suburbpaw.online
ballsfashion.com
devsecops-maturity-analysis.net
naturealizarte.com
jpvuy.icu
algoworksconsulting.com
51jzsy.com
the-arboretum.net
sportsmachine.xyz
kemanewright.com
transporteslatinoberlin.com
multirollup.xyz
anaconda-otome.xyz
cheneiz.net
hillsbororosewoodresidences.com
sanphamgiadinh.xyz
xml-ott.com
aimdistributors.net
powergenaku.com
pt24lotto.info
healthyaging.partners
westsuits.com
decentralwebapp.online
mytropicaldreams.com
pravit-ball.online
northern-lights.info
simcondo.com
Targets
-
-
Target
shipping docs.exe
-
Size
492KB
-
MD5
7da04dc46171bc1ec53f1c141ed80e44
-
SHA1
2c4044f32cfcabb32d1ab4df0467d0ccd3452105
-
SHA256
4330d9c1362dfccf1ad5d79cc9329abe6f4a7685a2169b7e42de68a1b1e50b3a
-
SHA512
365b4262427a335fa5b6a2bbc8909365bead264fcc98160c5c8d9828e141a67d4b1ac97b5cc9e5bd054659a66fa63fc54ea523538286ecc665cf39d68af4378e
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-