General
Target: d3ff23f626d8932d9ef5fca0b3dec964
Size: 316KB
Sample: 220613-kk6fksbaf5
MD5: d3ff23f626d8932d9ef5fca0b3dec964
SHA1: f38494d9598f5a3fdee6a97bc98fa8e1232d4341
SHA256: d1be3f34e21284e498b6e4e096c11c8073f6584899d59e8dadb9d1487384986b
SHA512: f67f61a35b5dccfa9578fb40c05bf170e2ce96fa6f0ccf6ac244f9c1683235db59e5eebdfc8097368b4b0086aac4f81aa462f36a96e0b0a0b73b5de90f000bf3
Static task: static1
Behavioral task: behavioral1
Sample: PO-PO22E000300.pdf.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: xloader
Version: 2.6
Campaign: vweq
Domains (as extracted; Xloader places its live C2 among decoy domains and contacts them indiscriminately, so the whole list is usable as indicators):
malang-media.com
mrsfence.com
lubetops.com
aitimedia.net
montecryptocapital.com
ahwmedia.com
bvmnc.site
bggearstore.com
bcsantacoloma.online
alltimephotography.com
santacruz-roofings.com
leaplifestyleenterprises.com
censovet.com
similkameenfarms.com
undisclosed.email
thetrinityco.com
rapiturs.com
jedlersdorf.info
mh7jk12e.xyz
flygurlblogwordpress.com
goodbaddesign.com
equipmentrentalpartyplus.com
ohyoutube.com
projetoarvore.com
2379.flights
implemedescribed.com
kreasinesia.com
ownitoffice.com
fortekofteacizyemeknerde.store
my-wh-webproject.com
518499.com
naples-us.com
tlrohio.com
kanchava.com
lcloudfindin.com
cybermatrix.tech
i6lqi.xyz
ebay-online-selling-24.com
afrisectelecoms.com
tiantian997.xyz
strategyvenues.com
marketnear.watch
thebrooklynyogi.com
sonikbuilder.online
voyagesconsulting.com
ledgel0ungers.com
youhadtobethere.biz
disabled-long.com
dental-implants-encounter.life
zydssq.com
livingwell.green
doumao334.xyz
moodysoot.online
licos.xyz
maqitashop.com
doroos.online
laikemiao.com
petrolverse.xyz
apostolicpraise.net
todaychance.com
helightville.com
st-john-fisher-school.com
agwly.com
dashop.pro
zxc3426.xyz
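The domain list above is the part of this report a defender acts on. The following is an added example, not part of the sandbox report and not code from the Xloader family or the sandbox vendor: it matches DNS query logs against the extracted domains, treating subdomains of an indicator as hits (`www.malang-media.com` matches `malang-media.com`) while rejecting look-alikes (`notmrsfence.com` does not). Because Xloader contacts the decoys as well as the real C2, a hit on any listed domain is evidence of the infection; note also that the Suricata signatures in the Signatures section keep the FormBook name, since Xloader is FormBook's successor and the ET ruleset was not renamed. The log-line format, hostnames and timestamps are constructed for the example, and only a subset of the report's domains is embedded.

```python
"""Added example (not part of the sandbox report): match DNS query logs
against domains extracted from the Xloader config.

Log lines, client addresses and the log format below are constructed for
the example; the domains are a subset of the report's list.
"""
import re

# Subset of the domains from the extracted config above.
XLOADER_DOMAINS = {
    "malang-media.com", "mrsfence.com", "lubetops.com", "undisclosed.email",
    "2379.flights", "marketnear.watch", "ledgel0ungers.com", "zxc3426.xyz",
}

def normalise(host):
    """Lower-case and strip a trailing dot (as in zone-file style output)."""
    return host.strip().lower().rstrip(".")

def matching_indicator(host, indicators=XLOADER_DOMAINS):
    """Return the indicator that `host` equals or is a subdomain of, else None.

    Walks the label hierarchy from the full name down to the TLD, so
    'www.mrsfence.com' matches 'mrsfence.com' but 'notmrsfence.com' does not.
    """
    labels = normalise(host).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None

# Parser for the constructed log format used here:
#   "<timestamp> <client_ip> query <qname>"
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\s+(?P<qname>\S+)$")

def scan_dns_log(lines, indicators=XLOADER_DOMAINS):
    """Return (timestamp, client, queried name, matched indicator) per hit.

    Lines that do not parse are skipped rather than raising, so one malformed
    record cannot abort a scan over a large log.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        indicator = matching_indicator(m["qname"], indicators)
        if indicator:
            hits.append((m["ts"], m["client"], normalise(m["qname"]), indicator))
    return hits

# Constructed sample log lines (not captured traffic).
SAMPLE_LOG = [
    "2022-06-13T10:01:02Z 10.0.0.5 query www.MALANG-MEDIA.com.",
    "2022-06-13T10:01:03Z 10.0.0.5 query update.microsoft.com",
    "2022-06-13T10:01:04Z 10.0.0.5 query notmrsfence.com",
    "2022-06-13T10:01:05Z 10.0.0.7 query 2379.flights",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_LOG):
        print("HIT ts=%s client=%s qname=%s indicator=%s" % hit)
```

To use it against real data, replace `XLOADER_DOMAINS` with the full list from the report and feed `scan_dns_log` the lines of your resolver or endpoint DNS log, adjusting `LOG_RE` to that log's field order.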
Targets
Target: PO-PO22E000300.pdf.exe
Size: 245KB
MD5: 1b5bf9898a36e524ea8e4c64dc7ef12b
SHA1: 5f630502bf2e24bc5a0472b42360025883a3feb6
SHA256: aaf551f6f56bb5f439c571549d44656abaeb09a2603a22f8f5f9bdad3f0049cd
SHA512: daa9784eb90940aeafd6654f27628967d867db0f3a9c9ceac900acc13d951a06fa7fe4984277020f55eabe095077dd13154a0e0ddba5b323d11bd2a5ed60213a
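The report lists four digests for each of two files: the 316KB submission under General and the 245KB PO-PO22E000300.pdf.exe it contains, whose double extension is the usual lure dressing an executable up as a PDF. The following is an added example, not part of the report and not the sandbox vendor's code: it hashes a file once with all four algorithms and looks the result up against the report's table, keyed on SHA256 but refusing a match whose MD5 or SHA1 disagree, so a transcription error in the indicator table surfaces instead of being silently accepted. The bytes hashed in the demonstration are a constructed stand-in, not the sample.

```python
"""Added example (not part of the sandbox report): single-pass MD5/SHA1/
SHA256/SHA512 of a file, checked against the digests the report lists.

The stand-in bytes hashed at the bottom are constructed; a real check
calls digest_file() on the suspect file.
"""
import hashlib
import io

# Digests transcribed from the report above, keyed on SHA256.
REPORT_HASHES = {
    "d1be3f34e21284e498b6e4e096c11c8073f6584899d59e8dadb9d1487384986b": {
        "name": "submitted file (316KB, General section)",
        "md5": "d3ff23f626d8932d9ef5fca0b3dec964",
        "sha1": "f38494d9598f5a3fdee6a97bc98fa8e1232d4341",
    },
    "aaf551f6f56bb5f439c571549d44656abaeb09a2603a22f8f5f9bdad3f0049cd": {
        "name": "PO-PO22E000300.pdf.exe (245KB)",
        "md5": "1b5bf9898a36e524ea8e4c64dc7ef12b",
        "sha1": "5f630502bf2e24bc5a0472b42360025883a3feb6",
    },
}

ALGOS = ("md5", "sha1", "sha256", "sha512")

def digest_stream(fp, chunk_size=1 << 16):
    """Hash a binary stream with all four algorithms in one read pass."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    while True:
        chunk = fp.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def digest_bytes(data):
    """Convenience wrapper for in-memory data."""
    return digest_stream(io.BytesIO(data))

def digest_file(path):
    """Hash a file on disk without loading it whole into memory."""
    with open(path, "rb") as fp:
        return digest_stream(fp)

def identify(digests, report=REPORT_HASHES):
    """Return the report entry name matching these digests, or None.

    Matches on SHA256, then insists MD5 and SHA1 agree with the table;
    a disagreement means the table or the digests are wrong and is raised
    rather than returned as a match.
    """
    entry = report.get(digests["sha256"].lower())
    if entry is None:
        return None
    for algo in ("md5", "sha1"):
        if digests[algo].lower() != entry[algo]:
            raise ValueError("%s mismatch for %s" % (algo, entry["name"]))
    return entry["name"]

if __name__ == "__main__":
    # Constructed stand-in bytes (a bare MZ header plus padding), not the sample.
    d = digest_bytes(b"MZ" + b"\x00" * 64)
    print(d["sha256"], "->", identify(d) or "not in report")
```

Comparing on SHA256 is deliberate: MD5 and SHA1 are still published by many feeds, but both admit collision attacks, so they serve here only as a consistency check on the table, never as the sole basis for a match.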
Signatures
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
Xloader Payload
Suspicious use of SetThreadContext