General
-
Target
NEW PO.exe
-
Size
716KB
-
Sample
210831-b3h1wgefne
-
MD5
327983a39260bc277f97cfc30de6f95b
-
SHA1
12c136d5721f0cc56f6519dc607c03677e18543b
-
SHA256
f621e1b5cd41932d5afac294e228f4f62b056ef322103c8ec06b9123a4eac2d0
-
SHA512
9497feb48c9532123eae4f78615aad9072a5720b1b818a28b9ed1a2abaf2f1af71895b8683060166c11710ced6d8ded423b89856f7badf32ee07a0ef1dd110b4
Static task
static1
Behavioral task
behavioral1
Sample
NEW PO.exe
Resource
win7v20210410
Malware Config
Extracted
xloader
2.3
k8b5
http://www.chongzhi365.com/k8b5/
sardamedicals.com
reelectkendavis4council.com
coreconsultation.com
fajarazhary.com
mybitearner.com
brightpet.info
voicewithchoice.com
bailbondscompany.xyz
7133333333.com
delights.info
gawlvegdr.icu
sdqhpm.com
we2savvyok.com
primallifeathlete.com
gdsinglecell.com
isokineticmachines.com
smartneckrelax.com
gardenvintage.com
hiphopvolume.com
medicapoint.com
crybebe.com
elevatedgameplay.com
armespublishing.com
pathsiteofficial.com
xn--e-2fa.com
besoxie.com
pro-montage.com
smartsmsfloan.net
gafinstallations.com
osk2279.com
sexcam-live-sex.net
supermomsd.com
villa-sardi.com
nkb-webmart.com
vaaccidentdoctorsnearme.net
sewcialdistancesewing.com
smodery.com
mimik33.com
employeepremiumassistance.com
chenqixuan.com
whyyousuckatgolfmovie.com
scholarshdesk.xyz
suenosenescena.com
ombaked.com
growingbargains.com
growbigelite.com
michalwroblewski.online
selfpublishingprojectmgmt.com
salir.info
lutherdanavan.com
caraccidentlawyernearme.net
portraitverse.com
secure-alerts901.info
reviewscanada.com
andreasaction.com
mblinks.net
regulationtoshop.com
borderless-farm.com
excitingdailyshop.com
pawandalmia.net
greatplainsjane.com
operacionapoyo.com
26gibraltardrive.com
getportlandjustice.com
Targets
-
-
Target
NEW PO.exe
-
Size
716KB
-
MD5
327983a39260bc277f97cfc30de6f95b
-
SHA1
12c136d5721f0cc56f6519dc607c03677e18543b
-
SHA256
f621e1b5cd41932d5afac294e228f4f62b056ef322103c8ec06b9123a4eac2d0
-
SHA512
9497feb48c9532123eae4f78615aad9072a5720b1b818a28b9ed1a2abaf2f1af71895b8683060166c11710ced6d8ded423b89856f7badf32ee07a0ef1dd110b4
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-