General
Target: kzNDJkUFN9Ogo4Z.rar
Size: 379KB
Sample: 210917-wq41gsahel
MD5: aee6b9a7493b8dc8b3805b1bb50cb610
SHA1: e261aeb4b081525e77f4fc0987505ab56ce8a0f7
SHA256: 00aa43d18f6fb3e9af58a7ad1f569a8e5e53baa270940e878469eb0ec8fe5ff1
SHA512: 177328e0beb9da1e0a6e8d3f8eefe81aed42551ddea4c813e0c2b64302ff57b7d578a12ae972e458d227b0e0e0c95c9e3b95c2380622b638e53e0ea9599466be

Static task: static1
Behavioral task: behavioral1
Sample: kzNDJkUFN9Ogo4Z.exe
Resource: win7-en-20210916

Malware Config
Extracted
xloader
2.3
a0ce
http://www.car-surgeons.com/a0ce/
Targets
Target: kzNDJkUFN9Ogo4Z.exe
Size: 458KB
MD5: da89e9e692b59173b8a32858194df702
SHA1: 3b0a7663082c37f7653c45405dc1477d22879113
SHA256: 4ba1f1501a26ef0aa2b5bf2c78c8e829812bc931fcad960a768fbf1cab55e351
SHA512: bc27ee3020a9f0a865bd55afe25e6b1117287e9bdc16ea12b98e4b96202a5a271a9315963e7c98f8735d5cea6d01edc73b0422fec19d1b07b9164de1550a30de

- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Blocklisted process makes network request
- Deletes itself
- Suspicious use of SetThreadContext