General
-
Target
DOC.r15
-
Size
394KB
-
Sample
210916-nxx7hsgbal
-
MD5
f0bfd4b4943114598facebab05709f76
-
SHA1
a4334f218a0381e6da71acab90d1bb1ae9394c33
-
SHA256
4d0bc62fb924d6a3ba487e61f69d9cd71c3e231ace06a3c1ce151c27a55d7a3c
-
SHA512
f183d860becb6ce34394f7a2b0e1d4b2dea858b55b3d277c02fc9277ea1a17d7782a2ee84f0f9d35fc306cc685372dc7ff21f70ea42149519812de68df5835e9
Static task
static1
Behavioral task
behavioral1
Sample
DOC.exe
Resource
win7v20210408
Malware Config
Extracted
xloader
2.4
n58i
http://www.nordicbatterybelt.net/n58i/
southerncircumstance.com
mcsasco.com
ifbrick.com
societe-anonyme.net
bantank.xyz
dogecoin.beauty
aboutacoffee.com
babalandlordrealestate.com
tintgta.com
integrity.directory
parwnr.icu
poltishof.online
stayandstyle.com
ickjeame.xyz
currentmotors.ca
pond.fund
petrosterzis.com
deadbydaylightpoints.com
hotel-balzac.paris
focusmaintainance.com
odeonmarket.com
voeran.net
lookailpop.xyz
sashaignatenko.com
royalgreenvillage.com
airbhouse.com
zl-dz.com
fuwuxz.com
wugupihuhepop.xyz
zmdhysm.com
luchin.site
rnchaincvkbip.xyz
fffddfrfqffrtgthhhbhffgfr.com
goabbasoon.info
booyahbucks.com
ilovecoventry.com
components-electronics.com
advindustry.com
browandline.com
hotnspicy.site
marlonj26.com
holidays24.net
starworks.online
mbchaindogbbc.xyz
3wouqg.com
evnfreesx.com
baureihe51.com
hycelassetmanagement.space
photostickomni-trendyfinds.com
singisa4letterword.com
thklw.online
menramen.com
highspeedinternetinc.com
beerenhunger.info
hisensor.world
lassurancevalence.com
clementchanlab.com
customia.xyz
alysvera-centroestetico.com
cx-xiezuo.com
index-mp3.com
mybenefits51.com
vyhozoi.site
lingerista.net
Targets
-
-
Target
DOC.exe
-
Size
463KB
-
MD5
e2e027360aa11a532949fb6c013009d5
-
SHA1
2488a833ee33ea4ce3ff0e5e7615e35d647816e2
-
SHA256
13c2ff62d1e29d6e88c828851f842b17acb6293da92bdf5223e87a67bf00ed31
-
SHA512
240a63a3c245d1dd963cc33b290796e646276f9488692037f26009efde4ad39b9c6af6d0c4d21ca19b5ade4a677b4b2d7e83003a519c2dbfbf408c086ca0f04a
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-