General
Target: New order 07,06,2022.exe
Size: 626KB
Sample: 220706-kgetfsaffn
MD5: 1287d9ae257300407cf7490872764eab
SHA1: b71bc21b67a5b1031ed873b02e54726394c90060
SHA256: f6db3a2b3160b40742b164c6bbe0496368f4fc52d1a16757a49d023f5189b428
SHA512: 4ebd21f597a8c5025216aa44df4d44afeaadb16729cf049b95a329ebd0d47def09c5fbd9f518dd0560101ffe5c30405f6ecf13e9502841bfcf8c52332ee8d13e
Static task: static1
Behavioral task: behavioral1
Sample: New order 07,06,2022.exe
Resource: win7-20220414-en
Malware Config
Targets
Target
New order 07,06,2022.exe
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-