General
Target: PO_220101089.exe
Size: 368KB
Sample: 210831-bmjc6b2gbn
MD5: 2f8a0005b48d09e1f28dfa719349335b
SHA1: 913c5c240ba257962eb7b5a67fc86a054ee723ae
SHA256: f547d8d44d91b4d09f1323857e573c31a8cb0fb1ed949cc0f8c90f6ea807b23c
SHA512: 5bd7c09841e62fa3454590eda06d45518780d150b1e92fff03763ff308fcf6a45fd0bdc4b1b801b927b35fc4f4d3592fccf96c89877363cce24717e0dc758d7f
Static task: static1
Behavioral task: behavioral1
Sample: PO_220101089.exe
Resource: win7v20210408
Malware Config
Extracted family: xloader
Version: 2.3
Campaign: noi6
C2: http://www.offshoresrilanka.com/noi6/
Targets
Target: PO_220101089.exe
Signatures:
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Suspicious use of SetThreadContext