General
-
Target
moni.exe
-
Size
606KB
-
Sample
210727-2s2phj48ts
-
MD5
7b2f837b3a3f8980901ca3a6f624d8d2
-
SHA1
7e0b1aabde14b6c64f8553d1d7e3499af79d2448
-
SHA256
3a4677dc6f14f38983af15458b11d5f92e71dea8d5cd0e5b263c50d211a72621
-
SHA512
677237124810c3cb0d35af23a2b9c0167d7b31dc0862bd7523841cdbc4c5209e5a71f8af8294f97e2bfa24f7d6984b00c695f0a5a5e1747833301b90fa1a46fe
Static task
static1
Behavioral task
behavioral1
Sample
moni.exe
Resource
win7v20210408
Malware Config
Extracted
xloader
2.3
http://www.panyu-qqbaby.com/weni/
sdmdwang.com
konversationswithkoshie.net
carap.club
eagldeream.com
856380585.xyz
elgallocoffee.com
magetu.info
lovertons.com
theichallenge.com
advancedautorepairsonline.com
wingsstyling.info
tapdaugusta.com
wiloasbanhsgtarewdasc.solutions
donjrisdumb.com
experienceddoctor.com
cloverhillconsultants.com
underwear.show
karensgonewild2020.com
arodsr.com
thefucktardmanual.com
712kenwood.info
telecompink.com
ebizkendra.com
kitkatmp3.com
utformehagen.com
profitsnavigator.com
kathyharvey.com
tongaoffshore.com
vrpreservation.com
hy7128.com
nicolettejohnsonphotography.com
rating.travel
visualartcr.com
nationalbarista.com
lovecartoonforever.com
koimkt.com
directpractice.pro
blockchaincloud360.com
queverenbuenosaires.com
coachmyragolden.com
awree.com
facebookipl.com
rcheapwdbuy.com
trinspinsgreen.com
voxaide.com
ecorner.online
mattvickery.com
regarta.com
fknprfct.com
theessentialstore.net
sunilpsingh.com
ovtnywveba.club
optimalgafa.com
awdjob.info
humachem.com
southeasternsteakcompany.com
centerevents.net
warrenswindowcleans.co.uk
lebullterrier.com
thecxchecker.com
formerknown.com
pupbutler.com
tincanphones.com
tgeuuy.cool
Targets
-
-
Target
moni.exe
-
Size
606KB
-
MD5
7b2f837b3a3f8980901ca3a6f624d8d2
-
SHA1
7e0b1aabde14b6c64f8553d1d7e3499af79d2448
-
SHA256
3a4677dc6f14f38983af15458b11d5f92e71dea8d5cd0e5b263c50d211a72621
-
SHA512
677237124810c3cb0d35af23a2b9c0167d7b31dc0862bd7523841cdbc4c5209e5a71f8af8294f97e2bfa24f7d6984b00c695f0a5a5e1747833301b90fa1a46fe
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Xloader Payload
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-