General
- Target: Payment Advice doc.ace
- Size: 758KB
- Sample: 220616-ljsnrschcn
- MD5: 50a832f10c1488475645f9301d1c9c0f
- SHA1: ddd3c4c112d3d43b5ac17281d982a71115179d88
- SHA256: 530cc2f72a261230798589bb7166f221f77cbd2eff4e12e872128d570a0bb990
- SHA512: c84cffc331baa36c412a1ba3d002413e94ce039832ca57aea01b2a842d1eccdfa72883e2a17278ea132161c31358f91dae7778265b87874d83a7633a35843496
Static task
- static1
Behavioral task
- behavioral1
- Sample: Payment Advice doc.exe
- Resource: win7-20220414-en
Malware Config
- Extracted
- Family: xloader
- Version: 2.5
- Campaign: h4st
Targets
- Target: Payment Advice doc.exe
- Size: 849KB
- MD5: ca86ee16c51a5081464eb585cf5467e4
- SHA1: 5b3e6c9006b1d7980700f4ccffbd8d8a5258eb30
- SHA256: 2d7a273e89f10f65f578ab99082a23aecc948556f8e33a67f1eb9689b1cdc1d3
- SHA512: 94cc554facaf0c317e123da8dcbd1284688f6d4b077ce990958a05276e4fb9d4c4cec88232004a843ec133300c3d9ddcbed66d4e156928d74bcc5c1f2a81a467
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext