General
Target: ledger.r15
Size: 501KB
Sample: 210910-lrm39achhn
MD5: 6e2557bb3aebc5ebc0506b30648e011e
SHA1: 7be4e3b1744d04a877f085411983ba2c93b3546c
SHA256: f90a07b0a02db42be743f109cbc04ac2a0c06326a228b2971ecd31bcd653a14d
SHA512: 4a20d589b2bd6dc83df79b489a45fd79844119f0abba91cc7ac3b33b29e83da50030a88f75eb167ae83935ae155909f8dcfa6b8a8ff39dc0fdfed101836d2b2d
Static task: static1
Behavioral task: behavioral1
Sample: ledger.exe
Resource: win7-en
Malware Config
Extracted
Family: xloader
Version: 2.3
Campaign: n58i
C2: http://www.biosonicmicrocurrent.com/n58i/
Decoy domains:
electrifyz.com
silkpetalz.net
cognitivenavigation.com
poophaikus.com
orchidiris.com
arteregalos.com
dailybookmarks.info
gogoanume.pro
hushmailgmx.com
trjisa.com
notontrend.com
2020polltax.com
orderhappy.club
panggabean.net
govsathi.com
hrsbxg.com
xvideotokyo.online
lotteplaze.com
lovecleanliveclean.com
swaphomeloans.net
arcadems.info
creatingstrongerathletes.com
follaproperties.com
i-postgram.com
bootybella.fitness
avtofan.net
bimbavbi.com
yourtravelsbuddy.com
laiofit.com
ofnick.com
2g6gc6zma9g.net
phamthanhdam.com
shopteve.com
add-fast.com
studioloungemke.com
maxtoutfitness.com
mapleway.systems
login-settings.com
affoshop.com
hupubets.com
3energyservices.com
ccmfonline.com
keyhousebuyers.com
curvecue.com
developerdevelopment.com
jamesdunnandsons.com
devyassine.com
dongyilove.com
alienpuran.com
tuolp.com
bidprosper.com
feerd.com
acmeproxy.com
thechoicemediagroup.com
inspirespeep.com
leesangsoon.com
highheatcards.com
xn--yk3b99erra.com
rawfasteners.com
alfaniyaa.com
bellesaesthetics.com
ccequityholdings.com
carrolpuppies.com
huttibazar.net
Targets
Target: ledger.exe
Size: 746KB
MD5: bb7bbc40aef8439092e6345d3428c975
SHA1: 9bf46b95ff700e57bc0e38d5133577bfad260ea2
SHA256: b194903f2fb1231113b2cffdd6cf47e25d4d9f99675654f70865b1f3d0a9160c
SHA512: a1ed9eac420f49c4e101ddfb84a1b148a2c05a0999553978528cc1976f3027325b0944c721696ddc1b73b68bcc9766dcb884414efae70543ae7023f34130632f
Signatures
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext