General
- Target: D3ccF8FfwAXrqsU.exe
- Size: 1.3MB
- Sample: 210728-x3f8wyqvta
- MD5: e1c803b57cb1c949b037251a3dbf7d7d
- SHA1: efeaac6997f56acb90ed2d28bbcb66929b2002a8
- SHA256: 5accccfe8695d78110cc9c27d79d56ac280879a0d874bb46c42c2a8baf7fe972
- SHA512: fa6a275fc96ff89570b0186a43a3ffddb4a8af49fe50a8cd8698088713fb66764721f7e2cd5d2fce7345fb07b9a68c6a5df89980228ce20a3056b74ec52b909e
Static task: static1
Behavioral task: behavioral1
- Sample: D3ccF8FfwAXrqsU.exe
- Resource: win7v20210408
Malware Config
Extracted: xloader 2.3
- http://www.designsbynandini.com/fznn/
Targets
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- CustAttr .NET packer: Detects CustAttr .NET packer in memory.
- Xloader Payload
- Suspicious use of SetThreadContext