General
- Target: Invoice B9800177.exe
- Size: 628KB
- Sample: 220706-jqy31sadbl
- MD5: 36efa9e34b8055b9e54572997f85099a
- SHA1: ceeb08b5411a56c0fc98388bc427b9aa563d8967
- SHA256: b87ec1a86d0c11e1183ec3de93241427e393f0016ff662fe6c9d98af2faf22d5
- SHA512: e4bbdaad01e7da77457af0420e9f777f59ec08cebc728b6396696317c69329d6c5a385b584abd642f92138324838e9df347b8f61f346aad9583eac115f1a2413
Static task: static1
Behavioral task: behavioral1
- Sample: Invoice B9800177.exe
- Resource: win7-20220414-en
Malware Config
Targets
- Target: Invoice B9800177.exe
- Size: 628KB
- MD5: 36efa9e34b8055b9e54572997f85099a
- SHA1: ceeb08b5411a56c0fc98388bc427b9aa563d8967
- SHA256: b87ec1a86d0c11e1183ec3de93241427e393f0016ff662fe6c9d98af2faf22d5
- SHA512: e4bbdaad01e7da77457af0420e9f777f59ec08cebc728b6396696317c69329d6c5a385b584abd642f92138324838e9df347b8f61f346aad9583eac115f1a2413
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Adds policy Run key to start application
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Adds Run key to start application
- Suspicious use of SetThreadContext