General
Target: 5544835851386880.zip
Size: 4.4MB
Sample: 210812-vz4twltp5a
MD5: 99aa342771928acf2d245a78e95d7ffe
SHA1: 14cd538764217cb2f09603ec2196ad971fbdbe8d
SHA256: ac00f76b8b9b7a4da749a85063b49c446b4b50e9837907c737a4675bcee43c3d
SHA512: 8e42c097b0cb7ccab4ec647d28ffd894f7e20bd7bec5ba6482dc8d243f4b9a493840034947d12a92e1ceca8224a255f481de25e5a79bcdb1587feb36dcb49f21
Static task: static1
Behavioral task: behavioral1
Sample: 13d97308ca4e87d31024b1fcbfca7f7fdac365a4bf2264ca18499847d411bb69.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: 13d97308ca4e87d31024b1fcbfca7f7fdac365a4bf2264ca18499847d411bb69.exe
Resource: win10v20210408
Malware Config
Extracted family: xloader
Version: 2.3
Campaign: avc9
C2: http://www.buyershealthy.com/avc9/
Decoy domains:
thejamalpur.com
oneofthemthere.com
instaleadsolutionsllc.com
dorchestercountyhomehunter.com
digirmbbank.com
taeheavyequipmentparts.xyz
topless.cloud
heatherhuntercoaching.com
pennysworld.net
auirz.xyz
conserfic.com
haroopet.com
perazabenefits.com
tuftmultimodal.com
quanlailai.com
revealsonwheels.com
rafaellaepedro.com
cowbex.info
cobject-studio.com
odp.xyz
artisanmartonline.com
svdoffshoreservices.com
elfeoandres.net
propertybybb.com
laa01.com
contractorsfirstsource.com
onecouchtoanother.com
mycat.show
tegernseekind.com
heisinallthings.com
krafteebydesign.com
informationaboutlaw001.com
strato-rpas.com
ringvirtual.center
novashrmexecutivedirector.com
leebritz.com
miamiebike.com
deyangmuye.com
cestsibonrestaurant.com
harrisfoodbar.com
tariffcelltrading.net
onlineprofitscollective.com
urbanfrontierwm.net
soflacustoms.com
jayasuryamarriagebureau.com
threaten-depend.xyz
themodumall.com
afge918settlment.com
test-chance-op.com
logisd.com
blogchoi.com
ygyforyou.com
ecoenclosed.com
katelandiablog.com
eudaimonia.one
geekterrain.com
heute-noch-ein.date
zircof.com
atulkareemahscollection.com
paidwebtraffic.com
batbikiemtienonline.com
myupmchealthtrak.com
corporate-sec.com
daeoswim.com
Targets
Target: 13d97308ca4e87d31024b1fcbfca7f7fdac365a4bf2264ca18499847d411bb69
Size: 4.4MB
MD5: 57c89dd8d8ff1fd5192ce1c48c3acbd6
SHA1: c3a94aedc5fce3afdafe25ac648f3579e71cfaf3
SHA256: 13d97308ca4e87d31024b1fcbfca7f7fdac365a4bf2264ca18499847d411bb69
SHA512: bdb1017d539ebdaf39b921ce580d064bd5d148d53def3c0b6879b469e798b212b70e334026c33bf5418afd40a507becb0898df2848b17ec3c961bf2e8bc32479
Signatures:
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext