General
-
Target
TT Transmitted Copy ETT1037468..exe
-
Size
878KB
-
Sample
210728-salcaxjjjs
-
MD5
1dc4a1aa19afef7c048a09bd00153ae9
-
SHA1
cfeac51f7427a964ece4c8faac0e028d31e4b7ea
-
SHA256
d064e13de302104e85c1fbc8b177bc3b17ecf1dc0063ff1865d825b219d9f11d
-
SHA512
fb6d0157dea7fb9b2c2a7fc0419d02ad6aaee1c681dd2d99c4fa3d1c46f7b33f78a3bbffa144ac7bcf6b2d12db84a6ab839d336d46e092e7ead94061d9a39408
Static task
static1
Behavioral task
behavioral1
Sample
TT Transmitted Copy ETT1037468..exe
Resource
win7v20210410
Malware Config
Extracted
xloader
2.3
http://www.desarrollosolucionesnavarro.com/ipa8/
royalposhpups.com
univa.world
lanerbo.com
shopbabygo.com
theutahhomestore.com
serialmixer.icu
linfeiya.com
xn--12cg3de5c2eb5cyi.com
am-conseil-communication.com
dailygame168.com
therightmilitia.com
visions-agency.com
mapopi.com
frugallyketo.com
guapandglo.com
54w-x126v.net
your-health-kick.com
blockchainhub360.com
registernowhd.xyz
votekellykitashima.com
astyaviewer.com
kinnonstudio.com
calerie.coffee
oqity.com
ia3v0m.com
maryland-real-estates.com
rwaafd.com
mnavn.com
valhallamedics.com
realbetisbalompie.xyz
askaboutaduhelm.com
sazekav.com
jxhg163.com
littlescampers.com
northwayenterprise.com
miotir.com
pastelpastrybakery.com
thebandaiderepair.com
plastings.com
hubrisnewyork.com
mervperu.com
calvarirumba.com
evidencemetrics.com
privedenim.com
thebreedersbuddy.info
poolsnation.com
lessonex.com
bainrix.com
celiktarim.com
ortodonciaberistain.com
curtisbigelow.net
golfwifi.net
instrumentum.store
legacymediaentertainment.com
okwideus.com
rixmusic.com
best123-movies.com
edwardsrealtyfl.rentals
beaumontcycleworks.com
abolad.com
hydrarobuxobby.com
addisonbleu.com
xiang-life.net
tailored2fit.online
Targets
-
-
Target
TT Transmitted Copy ETT1037468..exe
-
Size
878KB
-
MD5
1dc4a1aa19afef7c048a09bd00153ae9
-
SHA1
cfeac51f7427a964ece4c8faac0e028d31e4b7ea
-
SHA256
d064e13de302104e85c1fbc8b177bc3b17ecf1dc0063ff1865d825b219d9f11d
-
SHA512
fb6d0157dea7fb9b2c2a7fc0419d02ad6aaee1c681dd2d99c4fa3d1c46f7b33f78a3bbffa144ac7bcf6b2d12db84a6ab839d336d46e092e7ead94061d9a39408
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-