General
-
Target
TPJX2QwEdXs5sTV.exe
-
Size
655KB
-
Sample
210915-rdhjhadggm
-
MD5
ce556ce97ea23cbc2940f2aad45d468f
-
SHA1
cc2bdaefa2f0ac108e2f456e42a42e8258580cf4
-
SHA256
7c3d5ebd2c417a52b2a0b98dee95b5a7f283816f6a2453ceeffd31becc140882
-
SHA512
82d4d71aeb5118d600394c64eb127ca4a87d7b83702feb4f9c5b0a0d98a597f812ebfd16784cbde54b9f4b1c87d3c7eaf57fb1c86b9720df95419887fc13f77b
Static task
static1
Behavioral task
behavioral1
Sample
TPJX2QwEdXs5sTV.exe
Resource
win7-en
Behavioral task
behavioral2
Sample
TPJX2QwEdXs5sTV.exe
Resource
win10-en
Malware Config
Extracted
xloader
2.4
t75f
http://www.438451.com/t75f/
ice-lemon.pro
ar3spro.cloud
9055837.com
fucksociety.net
prettyofficialx.com
mfxw.xyz
relationshipquiz.info
customia.xyz
juanayjuan.com
zidiankj.com
facture-booking.com
secondmining.store
aboutyou.club
gongxichen.com
laurabraincreative.com
pierrot-bros.com
saintpaulaccountingservices.com
dom-maya.com
garderobamarzen.net
la-salamandre-assurances.com
pearmanprep.com
telfarcontrol.com
productsshareco.com
cirf2021.online
purchasevip.com
cakewalkvision.com
pointrenewables.com
groups4n.com
swnegce.xyz
tjapro.com
packagedesign.biz
services-govgr.cloud
shopgrassfedbeef.com
tquilaint.com
templetreemontessori.com
munortiete.com
nothingbutspotlesss.com
fanpaixiu.xyz
fr-site-amazon.com
salartfinance.com
beachers-shop.com
friskvardaportalen.online
pinsanova.site
lemonvinyl.online
indianadogeavaxsite.site
styphon.com
open24review-service.com
bdjh9.xyz
cocodiesel.com
fortmyersfl.deals
dsdtourism.com
phone-il.net
learningfactoryus.com
incentreward.xyz
travellerfund.com
changcheng.pro
cryptowalletts.com
tradopplst.xyz
autonomoustechnologyinc.com
assessmentdna.xyz
denicon-th.com
dib5so.com
genwealthbuilders.store
delnetitcilo.net
Targets
-
-
Target
TPJX2QwEdXs5sTV.exe
-
Size
655KB
-
MD5
ce556ce97ea23cbc2940f2aad45d468f
-
SHA1
cc2bdaefa2f0ac108e2f456e42a42e8258580cf4
-
SHA256
7c3d5ebd2c417a52b2a0b98dee95b5a7f283816f6a2453ceeffd31becc140882
-
SHA512
82d4d71aeb5118d600394c64eb127ca4a87d7b83702feb4f9c5b0a0d98a597f812ebfd16784cbde54b9f4b1c87d3c7eaf57fb1c86b9720df95419887fc13f77b
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Suspicious use of SetThreadContext
-