General
-
Target
shipping document.exe
-
Size
526KB
-
Sample
220608-tmxqwsagf9
-
MD5
14d30f3b7fdc0449489e207fb7335551
-
SHA1
d7d5ead143507bab37cca353fdba10149a1081e4
-
SHA256
c33b26b4e4f428acbe2c4fff00184f4a2328c8bb656e4ca4cf189b782cf4b4ea
-
SHA512
47740effe3940259da1d0f25677a5d965947707cb04b6f03008f8aaf31287bc14fe8300c6b8353dbc1600658a06e6f725468d78d74fdb2662735f7e6dced6915
Static task
static1
Behavioral task
behavioral1
Sample
shipping document.exe
Resource
win7-20220414-en
Malware Config
Extracted
xloader
2.6
a8hq
veteransductcleaning.com
beajtjunkies.com
houseofascofi.com
scottsdalemediator.com
atelyadesign.com
profitcase.pro
imtokenio.club
qinglingpai.com
bigsmile-meal.net
daytonlivestream.com
aspiradores10.online
ytybs120.com
hdatelier.com
bearpierce.com
yeson28ca.com
booklearner.com
m8j9.club
mmophamthinhlegend.space
hq4a7o6zb.com
sophiadaki.online
sunraiz.site
calorieup.com
vighneshequipments.com
695522z.xyz
xjfhkjy.com
jcpractice.xyz
micahriffle.com
babiezarena.com
heythatstony.com
bmtjt.com
aete.info
yeyeps.com
chafaouihicham.com
globalider.com
uwksu.com
jimmy.technology
theveatchplantation.com
devondarcy.com
suburbpaw.online
ballsfashion.com
devsecops-maturity-analysis.net
naturealizarte.com
jpvuy.icu
algoworksconsulting.com
51jzsy.com
the-arboretum.net
sportsmachine.xyz
kemanewright.com
transporteslatinoberlin.com
multirollup.xyz
anaconda-otome.xyz
cheneiz.net
hillsbororosewoodresidences.com
sanphamgiadinh.xyz
xml-ott.com
aimdistributors.net
powergenaku.com
pt24lotto.info
healthyaging.partners
westsuits.com
decentralwebapp.online
mytropicaldreams.com
pravit-ball.online
northern-lights.info
simcondo.com
Targets
-
-
Target
shipping document.exe
-
Size
526KB
-
MD5
14d30f3b7fdc0449489e207fb7335551
-
SHA1
d7d5ead143507bab37cca353fdba10149a1081e4
-
SHA256
c33b26b4e4f428acbe2c4fff00184f4a2328c8bb656e4ca4cf189b782cf4b4ea
-
SHA512
47740effe3940259da1d0f25677a5d965947707cb04b6f03008f8aaf31287bc14fe8300c6b8353dbc1600658a06e6f725468d78d74fdb2662735f7e6dced6915
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-