General
- Target: pay $.exe
- Size: 557KB
- Sample: 210910-mbyeqadadq
- MD5: 5f36a5d12506389cb097a59838155c52
- SHA1: b4de1b62ee1775c0e10fe0442cd1b6b3ef75146b
- SHA256: 43d831616e23a03c055971bc1c7c9ae0e87f491976e72ce8fa0074610f004488
- SHA512: 0dd7386c15c606c465496ff837a9780efa889a117da31c93f388601483d7d8f473a3ef80a727f7ac0b039d272c4753abc3bac73bdd53bb109bd5515134dd7ff6
Static task: static1
Behavioral task: behavioral1
- Sample: pay $.exe
- Resource: win7v20210408
Malware Config
Extracted
xloader
2.3
t75f
http://www.vertexnailsblaine.com/t75f/
Targets
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Suspicious use of SetThreadContext