General
  Target: klSsrzxwsbxeJQh.exe
  Size: 818KB
  Sample: 210727-4c1hgwxjpe
  MD5: 3be1fa609b4f6efa9d30b5c75810f863
  SHA1: 61dcd8a4bd4641a7cc4800b5aea9ecaf7c6609bf
  SHA256: 27572043b01a99f3901af4bd40faf03cd04e722e3fb7ba866ccdb3b2d3fabb11
  SHA512: b5d36a463c8eca050b3db941449d79b91c870990685b20bc192f09037231a17c2939c74b2312820a09aa54e553e61a6ab0320ea7b5f9ee60a92331ccf79b7911
Tasks
  Static task: static1
  Behavioral task: behavioral1
    Sample: klSsrzxwsbxeJQh.exe
    Resource: win7v20210408
Malware Config (extracted)
  Family: xloader
  Version: 2.3
  URL: http://www.arogyanlife.com/b82a/
  Domains:
annguyet.net
parkwood.tech
readysetmortgage.net
betraywithdraw.com
incmagazine.xyz
dentistinpimplesaudagar.com
lianhx.com
prodrelease0827b.com
safehavenwellbeing.com
gehdeinweg.club
sondaggio123.space
prospecx.report
remediate.info
savylash.com
puppornstar.com
coaching-romand.com
boozeshops.com
team316media.com
ldgawydtl.icu
trezteez.com
hhtgd.com
jugoon.xyz
bsafetexting.com
imaycom.com
fakihgroups.com
pfarfour.com
organowantcreator.com
profesyoneltemizlikantalya.com
kustomdiapercakes.com
repealpna.com
seraby.com
eventsshowleads.com
naturallybossed.com
twxgbmbdkxczd.net
gahterwisdom.com
bautec-euregio.com
sarelawadisangh.com
gimedor.com
revolutionofwork.com
zpwizso.com
livinglavidalocaltexas.com
yenidea.com
smugfantasyfootball.com
myprofitvideo.com
inseparablehearts.com
dalebutano.com
bluecatsubs.com
nationwaves.com
theplantwitch.com
ffntc.com
188yyw.com
thejulington.com
timelessthots.com
homesstory.com
breauxsauto.com
quittytime.com
bainrix.com
eurofiregroup.com
paralelogram.com
nodefind.net
mastercommunications.xyz
lovelyeses.com
social-clarity.com
westvisionconsult.com
Targets
  Target: klSsrzxwsbxeJQh.exe
  Size: 818KB
  MD5: 3be1fa609b4f6efa9d30b5c75810f863
  SHA1: 61dcd8a4bd4641a7cc4800b5aea9ecaf7c6609bf
  SHA256: 27572043b01a99f3901af4bd40faf03cd04e722e3fb7ba866ccdb3b2d3fabb11
  SHA512: b5d36a463c8eca050b3db941449d79b91c870990685b20bc192f09037231a17c2939c74b2312820a09aa54e553e61a6ab0320ea7b5f9ee60a92331ccf79b7911
  Signatures:
    suricata: ET MALWARE FormBook CnC Checkin (GET)
    CustAttr .NET packer: detects CustAttr .NET packer in memory.
    Xloader Payload
    Deletes itself
    Suspicious use of SetThreadContext