General
-
Target
90c60c57ce0606d09dbd01751eb2bd5cd86d4344bd69ceb2f5697b1239070cce.zip
-
Size
450KB
-
Sample
210817-v33z1pwykn
-
MD5
bea4ad496614db38bbb255f9410bdcd0
-
SHA1
f27e28348220c48204c2337975d3dbbb1c623cff
-
SHA256
50307805ba87921ad43b60e6321b682e3dfeeb3ab1622f5c1146c412530e6c11
-
SHA512
c59af56170465754f532d1315a000122b7cf3d2d80cf22175f6cf7dee00b898e33b658593849271a4398d3765091b2302b3d5b5c25df8608e8072182e3e1d14b
Static task
static1
Behavioral task
behavioral1
Sample
90c60c57ce0606d09dbd01751eb2bd5cd86d4344bd69ceb2f5697b1239070cce.exe
Resource
win7v20210410
Malware Config
Extracted
Family
xloader
Version
2.3
Campaign
b8eu
C2 URL
http://www.yummylipz.net/b8eu/
Decoy domains (64)
ppslide.com
savorysinsation.com
camilaediego2021.com
rstrunk.net
xianshikanxiyang.club
1borefruit.com
ay-danil.club
xamangxcoax.club
waltonunderwood.com
laurabissell.com
laurawmorrow.com
albamauto.net
usamlb.com
theoyays.com
freeitproject.com
jijiservice.com
ukcarpetclean.com
wc399.com
xn--pskrtmebeton-dlbc.online
exclusivemerchantsolutions.com
kkkc5.com
kakashis.club
minldsrvlceacvtlvty.net
tucantec.com
dreamlivehope.com
tayruaeco.com
wgaoutdoors.com
obersrock.com
notosickness.com
carporttube.com
customcbdgroup.com
vincentstreetdental.site
fidatosas.com
soft-drill.com
thelearningcountscompany.com
brateix.info
sexting-sites.com
wheredidmystokego.com
alorve.com
cataractmeds.com
purhenna.com
slicesystem.com
xn--v4q8fq9ps1clx5d774b.com
tuffysfight.com
dongtaykethop.cloud
thedesertwellness.com
maxridetubes.com
jungbo33.xyz
rokitrevs.com
fsoinc.com
bartelmefamily.com
greenresearch.farm
wws520.com
scoutandstellar.com
therachelfrankshow.com
rastrosomostodos.com
jqxfinance.com
escortsoslo.com
ocd-diesel.com
domainedelafrouardiere.com
9adamtech.com
omniheating.com
dpymenus.com
sellingonlineschool.com
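The C2 URL and the 64 decoy domains above are the report's network indicators; Xloader is the renamed continuation of FormBook and keeps its check-in traffic, which is why the Suricata hits listed under Targets are FormBook rules. The following is an added example, not part of the sandbox report: it matches hostnames from proxy/DNS log lines against the extracted C2 host (and the campaign path in the URL) and the decoy list. The log format and log lines are constructed for illustration, and only eight of the 64 decoy domains are embedded; the full list is the one above.

```python
"""Match hostnames seen in proxy/DNS logs against the C2 and decoy domains
extracted from this Xloader 2.3 config.

Added example, not part of the sandbox report. The log format and the log
lines below are constructed; the indicator values are taken from the report.
"""
import re
from urllib.parse import urlparse

# Indicators from the extracted config (verbatim from the report).
C2_URL = "http://www.yummylipz.net/b8eu/"
CAMPAIGN = "b8eu"
# Subset of the 64 decoy domains listed in the report. FormBook/Xloader bots
# also send traffic to the decoys, so every listed domain is worth alerting on.
DECOY_DOMAINS = {
    "ppslide.com", "savorysinsation.com", "camilaediego2021.com",
    "rstrunk.net", "xianshikanxiyang.club", "1borefruit.com",
    "xn--pskrtmebeton-dlbc.online", "sellingonlineschool.com",
}


def normalize_host(host):
    """Lower-case, drop a trailing dot and a leading 'www.' so that both the
    registered domain and its www. form match the watchlist."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


C2_HOST = normalize_host(urlparse(C2_URL).hostname)   # "yummylipz.net"
C2_PATH = urlparse(C2_URL).path                       # "/b8eu/"
WATCHLIST = {C2_HOST: "c2", **{d: "decoy" for d in DECOY_DOMAINS}}

# Constructed log format (not a real product's): "<ts> <src-ip> <verb> <url-or-host>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<verb>DNS|GET|POST) (?P<target>\S+)$")


def classify(line):
    """Return (kind, host, src) for a log line that hits the watchlist, else None.

    kind is 'c2' for the configured C2 host (for HTTP, only when the path starts
    with the campaign path), 'c2-host-other-path' for the C2 host with a
    different path, and 'decoy' for one of the listed decoy domains."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    if m["verb"] == "DNS":
        host, path = m["target"], ""
    else:
        u = urlparse(m["target"])
        host, path = u.hostname or "", u.path
    host = normalize_host(host)
    kind = WATCHLIST.get(host)
    if kind is None:
        return None
    if kind == "c2" and path and not path.startswith(C2_PATH):
        kind = "c2-host-other-path"
    return (kind, host, m["src"])


def scan(lines):
    """Return all watchlist hits for an iterable of log lines."""
    return [hit for hit in (classify(line) for line in lines) if hit]


# Constructed sample log: one DNS lookup and one GET to the C2, one POST to a
# decoy, one benign request, one DNS lookup (with trailing dot) of a decoy.
SAMPLE_LOG = """\
2021-08-17T10:01:02Z 10.0.0.15 DNS www.yummylipz.net
2021-08-17T10:01:03Z 10.0.0.15 GET http://www.yummylipz.net/b8eu/?Ab12=deadbeef
2021-08-17T10:01:09Z 10.0.0.15 POST http://www.ppslide.com/b8eu/
2021-08-17T10:02:00Z 10.0.0.22 GET http://example.com/index.html
2021-08-17T10:02:30Z 10.0.0.15 DNS rstrunk.net.
"""

if __name__ == "__main__":
    for kind, host, src in scan(SAMPLE_LOG.splitlines()):
        print(f"{kind:20} {host:30} from {src}")
```

Decoy hits are reported separately from C2 hits so that an analyst can tell which host actually carried the campaign path, while still treating a decoy contact as evidence of infection on the source address.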
Targets
-
Target
90c60c57ce0606d09dbd01751eb2bd5cd86d4344bd69ceb2f5697b1239070cce
-
Size
727KB
-
MD5
697603470394ef65a7996011adf0db69
-
SHA1
7139f8e802aa6decce3ae28fd49c3d92b5e19823
-
SHA256
90c60c57ce0606d09dbd01751eb2bd5cd86d4344bd69ceb2f5697b1239070cce
-
SHA512
15a809d90a56b5b8544b994406ca954b39c3650977809e4531b684d6003b9ed597fd1c89c703d985ea898855d49cfb9b7d24f9c198c6c0d033d794c1e33167f6
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
Xloader Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial .NET obfuscator, which performs symbol renaming and control-flow obfuscation.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
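Two of the behavioural signatures above, the Run key write and the use of SetThreadContext, are named here only by title. As an added example (not the sandbox's own detection logic, and the report does not include the underlying trace), the following flags both in a process API trace: the SetThreadContext injection pattern as the ordered sequence CreateProcess with CREATE_SUSPENDED, WriteProcessMemory, SetThreadContext, ResumeThread against the same target process, and persistence as a RegSetValueEx under a CurrentVersion\Run key. The trace format, process IDs and paths are constructed for illustration.

```python
"""Flag the SetThreadContext injection pattern and Run-key persistence in a
process API trace.

Added example, not the sandbox's detection logic. The trace format
('pid api key=value ...') and the events below are constructed.
"""
from collections import defaultdict

# Registry paths (lower-cased, without hive) that give autostart at logon.
RUN_KEYS = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)

# Order in which the injection primitives must appear for one target process.
# Unrelated calls (e.g. VirtualAllocEx) may occur between the steps.
INJECTION_SEQUENCE = ("CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread")


def parse_event(line):
    """Parse one constructed trace line into (pid, api, {arg: value})."""
    parts = line.split()
    pid, api = int(parts[0]), parts[1]
    args = dict(p.split("=", 1) for p in parts[2:])
    return pid, api, args


def detect(trace_lines):
    """Return a list of (signature, pid, detail) findings for the trace."""
    findings = []
    # (source pid, target pid) -> index of the next expected step in INJECTION_SEQUENCE
    progress = defaultdict(int)

    for line in trace_lines:
        if not line.strip():
            continue
        pid, api, args = parse_event(line)

        if api == "CreateProcess":
            # Only a process created suspended can be hollowed before it runs.
            if "CREATE_SUSPENDED" in args.get("flags", ""):
                target = int(args.get("new_pid", -1))
                progress[(pid, target)] = 1
        elif api in INJECTION_SEQUENCE[1:]:
            target = int(args.get("target_pid", -1))
            key = (pid, target)
            step = progress.get(key, 0)
            if step and INJECTION_SEQUENCE[step] == api:
                progress[key] = step + 1
                if progress[key] == len(INJECTION_SEQUENCE):
                    findings.append((
                        "Suspicious use of SetThreadContext", pid,
                        f"suspended pid {target} written, thread context set, resumed",
                    ))
        elif api == "RegSetValueEx":
            path = args.get("key", "").lower()
            if any(path.endswith(k) for k in RUN_KEYS):
                detail = f"{args.get('key')}\\{args.get('value_name')} = {args.get('data')}"
                findings.append(("Adds Run key to start application", pid, detail))
    return findings


# Constructed trace: pid 3024 hollows a suspended explorer.exe (pid 4120), the
# injected process then writes a Run key; pid 5000 starts notepad normally.
SAMPLE_TRACE = """\
3024 CreateProcess image=C:\\Windows\\explorer.exe flags=CREATE_SUSPENDED new_pid=4120
3024 VirtualAllocEx target_pid=4120 size=0x2a000
3024 WriteProcessMemory target_pid=4120 size=0x2a000
3024 SetThreadContext target_pid=4120 tid=4124
3024 ResumeThread target_pid=4120 tid=4124
4120 RegSetValueEx key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run value_name=Updater data=C:\\Users\\Public\\svchost.exe
5000 CreateProcess image=C:\\Windows\\notepad.exe flags=0 new_pid=5010
5000 ResumeThread target_pid=5010 tid=5011
"""

if __name__ == "__main__":
    for signature, pid, detail in detect(SAMPLE_TRACE.splitlines()):
        print(f"[{pid}] {signature}: {detail}")
```

The sequence is keyed on the (source, target) pid pair so that a legitimate suspended start (a debugger, an installer) that never writes into the child and never replaces its thread context does not trip the rule, while SetThreadContext on a process the caller did not create suspended is likewise ignored.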