General
- Target: New order 07,06,2022.gz
- Size: 580KB
- Sample: 220706-j7j1esaefm
- MD5: 11c52c5d7dab09b958b961f7808443cb
- SHA1: 11ad298f2a2c7bd25037eb6116a5b2fbaa599b83
- SHA256: 7d7f61dcd91716fad45ca306c59abcae50f15efe605825c0b9f8e6610c6d2fca
- SHA512: 10f5f40a6a3da477ba16ca040c9752170d17eb7a3a3148f9f010373335e79d1bf12aed3dce43a4c674b8b7521fde9d4254f7233b06f00aaa88d5edf6acd2bb1d
Static task
- static1
Behavioral task
- behavioral1
- Sample: New order 07,06,2022.exe
- Resource: win7-20220414-en
Malware Config
Targets
- Target: New order 07,06,2022.exe
- Size: 626KB
- MD5: 1287d9ae257300407cf7490872764eab
- SHA1: b71bc21b67a5b1031ed873b02e54726394c90060
- SHA256: f6db3a2b3160b40742b164c6bbe0496368f4fc52d1a16757a49d023f5189b428
- SHA512: 4ebd21f597a8c5025216aa44df4d44afeaadb16729cf049b95a329ebd0d47def09c5fbd9f518dd0560101ffe5c30405f6ecf13e9502841bfcf8c52332ee8d13e
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
Signatures
- Xloader Payload (Xloader is the name under which the FormBook stealer has been sold since 2020, consistent with the FormBook CnC alerts above)
- Adds policy Run key to start application
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext (consistent with thread hijacking or process hollowing)
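Analysts usually want the digests and signature names above as machine-readable indicators rather than as a web listing. The following is an added example, not part of this sandbox report or its tooling: it parses a constructed excerpt written in the same "Key: value" layout as the listing above (the digest and signature values are the ones printed in the report; the text block itself is assembled here, including one of the duplicated Suricata lines as it appears in the page extraction), collapses the duplicate alerts, sanity-checks every digest's length and alphabet before it would be pushed to a blocklist, and looks up which target a given hash belongs to. Function and variable names are the example's own.

```python
"""Turn a sandbox report listing into structured indicators and validate the
digests.  Constructed example; the text layout mirrors the listing above."""
import re
from typing import Dict, List, Optional

# Expected hex digest length for each algorithm the report lists.
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HEX_RE = re.compile(r"^[0-9a-f]+$")

# Constructed excerpt in the report's "Key: value" layout.  The (GET) alert is
# repeated on purpose: the page extraction lists each Suricata hit twice.
SAMPLE_REPORT = """General
- Target: New order 07,06,2022.gz
- Size: 580KB
- Sample: 220706-j7j1esaefm
- MD5: 11c52c5d7dab09b958b961f7808443cb
- SHA256: 7d7f61dcd91716fad45ca306c59abcae50f15efe605825c0b9f8e6610c6d2fca
Targets
- Target: New order 07,06,2022.exe
- Size: 626KB
- MD5: 1287d9ae257300407cf7490872764eab
- SHA1: b71bc21b67a5b1031ed873b02e54726394c90060
- SHA256: f6db3a2b3160b40742b164c6bbe0496368f4fc52d1a16757a49d023f5189b428
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
Signatures
- Xloader Payload
- Adds policy Run key to start application
- Checks computer location settings: looks up the country code configured in the registry
"""


def parse_report(text: str) -> Dict[str, list]:
    """Parse the listing into targets (with digests), Suricata alerts and signatures."""
    report = {"targets": [], "suricata": [], "signatures": []}
    section = None   # bare line = section heading
    current = None   # target record currently being filled
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("- "):
            section, current = line, None
            continue
        item = line[2:]
        if section == "Signatures":          # whole bullet is the signature name
            report["signatures"].append(item)
            continue
        key, sep, value = item.partition(": ")
        if not sep:                           # bare bullet such as "static1"
            continue
        value = value.strip()
        if key == "Target":                   # every Target line opens a new record
            current = {"name": value, "section": section, "size": None, "hashes": {}}
            report["targets"].append(current)
        elif key == "suricata":
            if value not in report["suricata"]:   # collapse the duplicated alert lines
                report["suricata"].append(value)
        elif key in DIGEST_LEN and current is not None:
            current["hashes"][key] = value.lower()  # normalise case for matching
        elif key == "Size" and current is not None:
            current["size"] = value
    return report


def check_digests(report: Dict[str, list]) -> List[str]:
    """Return a description of every digest that is not the right length or not hex."""
    problems = []
    for target in report["targets"]:
        for algo, digest in target["hashes"].items():
            if len(digest) != DIGEST_LEN[algo] or not HEX_RE.match(digest):
                problems.append(f"{target['name']}: malformed {algo} digest {digest!r}")
    return problems


def find_target(report: Dict[str, list], digest: str) -> Optional[str]:
    """Name of the target whose digests include `digest` (any algorithm), else None."""
    wanted = digest.strip().lower()
    for target in report["targets"]:
        if wanted in target["hashes"].values():
            return target["name"]
    return None


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for target in parsed["targets"]:
        print(target["section"], target["name"], target["size"], target["hashes"])
    print("suricata:", parsed["suricata"])
    print("signatures:", parsed["signatures"])
    print("digest problems:", check_digests(parsed) or "none")
    print(find_target(parsed, "F6DB3A2B3160B40742B164C6BBE0496368F4FC52D1A16757A49D023F5189B428"))
```

The digest check matters because a truncated or mis-copied SHA256 pushed to a blocklist silently matches nothing; `find_target` lower-cases both sides so a hash copied from a tool that prints uppercase hex still resolves.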