General

Target: 0ictba3ik3lrJnW.exe
Size: 859KB
Sample: 210727-s1tr394gtn
MD5: 6e77fe0eb26c4834a5411e66a78a3e69
SHA1: 5c9768be8ed60c6190e68deeebc5f3c1cdbf531a
SHA256: fbeb9b62ff737a87fe38709d075f3fee34502b01262480cf5a014efaab4f7075
SHA512: dc466d692eee548dbcc161904527a27b2a80ebc0ae4a366a8d08a21ec627fd6ef127db3aaf0b1ec567e7ac0a5aae71374a285d1aba5cb5bb59d24d3d65a51eef

Static task: static1
Behavioral task: behavioral1
Sample: 0ictba3ik3lrJnW.exe
Resource: win7v20210410

Malware Config

Extracted
Family: xloader
Version: 2.3
C2: http://www.hokutiki.com/cogt/
Decoys:
britechsoft.com
vitortedeschi.com
nittwittridge.net
nblianger.com
fs133.net
theprairiesky.com
mylexinova.com
loveiscomingbook.com
thehouseoflightning.com
gulbahorfoodblogger.online
exploringanddiscovering.com
edyscleaning.com
jihalbroskorea.com
sammys-cafe.com
smallbluer.com
voglioincontri.com
aaareplicamall.com
empireofglam.com
4hu5555.com
cookiescalofornia.com
bikeazon.com
e9daa9c-2z.com
crucialprintz.com
catnapperspgh.com
newsletteramy.com
myewallet999.com
innovoramr.com
protonmedicalcare.net
loismiachapman.com
chapterpaper.guru
aiwop.com
infinityjewelrypr.com
pwnyc-wnph.xyz
priyanshisikchi.com
jalhucaperu.com
tonyhumberstone.com
thecorecoffeeroastery.com
sbahandbook.com
zgzbl168.com
cooperunica.com
destek-taleplerimiz.com
signobrations.com
blyadikieva.com
myqanon.com
landfilltoken.com
suburbanjuice.com
giftbasketsandmorebytina.com
inexcreativefloors.com
hccaster.com
tottenvillshs.com
serversregistered.com
cubiclesanddragons.com
crispychickenmerrylands.com
buntunm3.com
pnrlen.today
jocodroneco.com
littlehico.com
tryseasonal.com
thehomefitness.com
taxsite.icu
taksazsanat.com
kaseratechnologies.com
cocinacolectiva.com
klikkananstudio.com
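Worked check, added here and not part of the sandbox report or of the analysed sample: a small Python script that takes the digests from the General section and the extracted config above and turns them into two offline checks, verifying a file on disk against the listed hashes and matching DNS/proxy log hostnames against the C2 and decoy domains. The hashes and domains are copied from the report; the log lines and the client address 10.0.0.12 are constructed for the demo. It assumes the usual Formbook/XLoader config layout, in which the single full URL is the C2 endpoint and the bare domains are decoys the bot also contacts.

```python
"""Added example, not part of the sandbox report: turn the listed hashes and the
extracted XLoader 2.3 config into two offline checks, verifying a file on disk
against the report's digests and matching DNS/proxy log hostnames against the
C2 and decoy domains. Hashes and config are copied; the log lines are constructed."""
import hashlib
import re
from urllib.parse import urlparse

REPORT_HASHES = {  # digests the report lists for 0ictba3ik3lrJnW.exe
    "md5": "6e77fe0eb26c4834a5411e66a78a3e69",
    "sha1": "5c9768be8ed60c6190e68deeebc5f3c1cdbf531a",
    "sha256": "fbeb9b62ff737a87fe38709d075f3fee34502b01262480cf5a014efaab4f7075",
    "sha512": "dc466d692eee548dbcc161904527a27b2a80ebc0ae4a366a8d08a21ec627fd6e"
              "f127db3aaf0b1ec567e7ac0a5aae71374a285d1aba5cb5bb59d24d3d65a51eef",
}
# Extracted config, whitespace-separated. As in other Formbook/XLoader dumps, the
# one full URL is the C2 endpoint; the bare names are decoys the bot also contacts.
CONFIG_TEXT = """
http://www.hokutiki.com/cogt/
britechsoft.com vitortedeschi.com nittwittridge.net nblianger.com fs133.net
theprairiesky.com mylexinova.com loveiscomingbook.com thehouseoflightning.com
gulbahorfoodblogger.online exploringanddiscovering.com edyscleaning.com
jihalbroskorea.com sammys-cafe.com smallbluer.com voglioincontri.com
aaareplicamall.com empireofglam.com 4hu5555.com cookiescalofornia.com
bikeazon.com e9daa9c-2z.com crucialprintz.com catnapperspgh.com
newsletteramy.com myewallet999.com innovoramr.com protonmedicalcare.net
loismiachapman.com chapterpaper.guru aiwop.com infinityjewelrypr.com
pwnyc-wnph.xyz priyanshisikchi.com jalhucaperu.com tonyhumberstone.com
thecorecoffeeroastery.com sbahandbook.com zgzbl168.com cooperunica.com
destek-taleplerimiz.com signobrations.com blyadikieva.com myqanon.com
landfilltoken.com suburbanjuice.com giftbasketsandmorebytina.com
inexcreativefloors.com hccaster.com tottenvillshs.com serversregistered.com
cubiclesanddragons.com crispychickenmerrylands.com buntunm3.com pnrlen.today
jocodroneco.com littlehico.com tryseasonal.com thehomefitness.com taxsite.icu
taksazsanat.com kaseratechnologies.com cocinacolectiva.com klikkananstudio.com
"""

def _norm(host):
    """Lower-case, drop a trailing dot and a leading 'www.' for comparison."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def parse_config(text):
    """Split a config dump into the C2 URL, its host and the sorted decoys."""
    tokens = text.split()
    urls = [t for t in tokens if "://" in t]
    if len(urls) != 1:
        raise ValueError("expected exactly one C2 URL, got %d" % len(urls))
    decoys = sorted({_norm(t) for t in tokens if "://" not in t})
    return {"c2": urls[0], "c2_host": urlparse(urls[0]).hostname, "decoys": decoys}

def _digest_chunks(chunks):
    # One pass over the data feeds all four digests the report lists.
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    for block in chunks:
        for d in digests.values():
            d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}

def hash_bytes(data):
    return _digest_chunks([data])

def hash_file(path, chunk=1 << 20):
    with open(path, "rb") as fh:
        return _digest_chunks(iter(lambda: fh.read(chunk), b""))

def digests_match(got, expected=REPORT_HASHES):
    """True only if every listed digest matches; one mismatch means the file is
    not the analysed sample (another build, or a modified copy)."""
    return all(got.get(k, "").lower() == v.lower() for k, v in expected.items())

def classify_host(host, cfg):
    """'c2' for the real endpoint, 'decoy' for a config decoy, else None."""
    n, c2 = _norm(host), _norm(cfg["c2_host"])
    if n == c2 or n.endswith("." + c2):
        return "c2"
    if any(n == d or n.endswith("." + d) for d in cfg["decoys"]):
        return "decoy"
    return None

# Constructed DNS/proxy log lines for the demo, in a simple key=value layout.
SAMPLE_LOG = """\
2021-07-27T10:01:02Z dns client=10.0.0.12 query=www.hokutiki.com type=A
2021-07-27T10:01:03Z proxy client=10.0.0.12 method=GET host=www.hokutiki.com path=/cogt/ status=200
2021-07-27T10:01:04Z dns client=10.0.0.12 query=thehomefitness.com type=A
2021-07-27T10:01:05Z dns client=10.0.0.12 query=update.microsoft.com type=A
"""
_KV = re.compile(r"\b(client|query|host)=(\S+)")

def scan_log(lines, cfg):
    """Return (client, host, verdict) for each line touching a config domain."""
    hits = []
    for line in lines:
        kv = dict(_KV.findall(line))
        host = kv.get("query") or kv.get("host")
        verdict = classify_host(host, cfg) if host else None
        if verdict:
            hits.append((kv.get("client", "?"), host, verdict))
    return hits
```

Treat the two verdicts differently. A request to the C2 host (the Suricata "FormBook CnC Checkin (GET)" alert in the signature list fires on the GET to that path) is a strong indicator on its own, whereas the decoy list in these families mixes in unrelated and sometimes legitimate sites, so a lone decoy hit is a lead to correlate with the requesting process rather than a reason to block the domain outright. For hash matching, all four digests must agree; a partial match is treated as a different file.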
Targets

Target: 0ictba3ik3lrJnW.exe
Size: 859KB
MD5: 6e77fe0eb26c4834a5411e66a78a3e69
SHA1: 5c9768be8ed60c6190e68deeebc5f3c1cdbf531a
SHA256: fbeb9b62ff737a87fe38709d075f3fee34502b01262480cf5a014efaab4f7075
SHA512: dc466d692eee548dbcc161904527a27b2a80ebc0ae4a366a8d08a21ec627fd6ef127db3aaf0b1ec567e7ac0a5aae71374a285d1aba5cb5bb59d24d3d65a51eef

Signatures
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Blocklisted process makes network request
- Deletes itself
- Suspicious use of SetThreadContext