General
Target: SKM531996544527BT.IMG
Size: 1.2MB
Sample: 210901-xybrgp2vvs
MD5: f964692f564ac2a92548ae26aef6ac67
SHA1: 2509ee44300a675b65a373e9d86f7d37518bbf17
SHA256: 9983075bf1dd7a3cde49b353773b4c5d7e07d83f1cfdb2d690546c6295246c3e
SHA512: 2cc7789d3976b4729332048c737a58392fa196955c8ac870472e3b082c9de9347e1c7e0d5c779af3e3129d657959d4bcec37b60f9bbad7257f4a09abcee42187
Static task: static1
Behavioral task: behavioral1
Sample: OR81530S.EXE
Resource: win7v20210410
Malware Config (extracted)
xloader 2.3
p086
http://www.riscology.com/p086/
Targets
Target: OR81530S.EXE
Size: 636KB
MD5: af331c3c0907af5282c00443536b22c7
SHA1: ed908b4ad857a61bc9aa84bf8d53df894ee7bd5d
SHA256: 1013981e9742f0debfe503dcb812e5f87990eecdb7d2857c233652a8a3acafff
SHA512: f00f1eb4df01061dd1bfec6c6df3e509359aa4a5acea5c91f5b9cd41e4bbf218d46a43b25d00922f86d1bbe99d090622e042cea1ce2184bd75d6f47b14fc7423
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Suspicious use of SetThreadContext