General
Target: t0ID2yWRERNRIz4.exe
Size: 818KB
Sample: 210927-jq1a3sfhfj
MD5: 2fa809111f6953a10bcae39ef3f57aa7
SHA1: 9415a9c252e39776162749c9131d96274cd6cac9
SHA256: 7b4c1bf9a15a419080fe02866aa26f162f79d5e01763c6af5915b07988556223
SHA512: adb6b340237a62af5fced4c819bfa92317e15a4062dab379d97a1b2ecd9e5ace9fca9330872f7d4f01c2a0b96035d9a69a376d7f7c812fece8584326447933b9

Static task: static1
Behavioral task: behavioral1
Sample: t0ID2yWRERNRIz4.exe
Resource: win7-en-20210920
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: gjeh
C2: http://www.getaudionow.com/gjeh/
Decoy domains (the campaign id gjeh also forms the C2 URI path; XLoader/FormBook contacts these hosts alongside the real C2 so that the genuine server is hidden in the noise):
carmator.com
bsbqrp.com
siemens-mp.com
dunnfloorcoverings.com
cpassminimedicalschools.info
howtodesignyourhomeoffice.com
famliytaste.com
freesocialmarketing.com
jejuhaenyeo.net
tradebot.icu
arzug.com
carrefour-solucoes.online
ladyom.com
aoironote.com
newmexicocarwreckattorney.com
wealthpatternsllc.net
thinkpinkalicous.com
prajapati.company
bjhwky.com
jsdigitalekuns.com
hada-kirara.xyz
cryptochatr.com
ehao5ahhl6.com
i8news-sv.website
12sky2limitless.online
royalknightent.store
dualvisionproductions.com
nextgenerationracingleague.com
1dy17.xyz
vineethnekuri.com
offlces.com
mmpluk.com
4kwallpapers.online
yakyu-eiga.com
advertisingresult.com
ktshandymanservices.com
reyizz.com
ethics.tools
cyberbesttechnology.com
glopik.com
claybycollins.com
buythedamnbike.com
7q3qq3.com
normanwagers.com
editoramandacaia.com
fscmyc.com
contactosasi.com
brightpretty.com
glavins.net
demoxyz.online
apnagas.com
drdavesea.com
wholeheartedfounder.com
gunpowderz.com
thegliderguy.com
drawcen.com
7777wns.com
tecmovco.com
a3chic.com
alattarherbs.com
tracks-clicks.com
appioservice.com
matthewwesco.club
lampshadefish.com
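The config above is only useful once it is turned into something that can be matched against telemetry. The following Python is an added example, not part of the sandbox report: it copies the extracted values (C2 URL, the 64 decoy domains, the file hashes) into an IOC set, normalises hostnames so that the `www.` form in the C2 URL compares equal to the bare domains in the decoy list, and sweeps a few constructed proxy-log lines, grading each client by whether it reached the real C2, only decoys, or just a URL carrying the campaign path. The log format (`<timestamp> <client> <method> <url> <status>`) and all log lines are constructed for the example; the assumption that decoys are requested with the same `/gjeh/` path as the C2 reflects known FormBook behaviour and is not something this report shows.

```python
"""Build an IOC set from the XLoader config in the report above and sweep
constructed proxy-log lines with it. Added example; not part of the report."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Values copied from the report's Malware Config and hash fields.
CAMPAIGN = "gjeh"
C2_URL = "http://www.getaudionow.com/gjeh/"
DECOY_DOMAINS = [
    "carmator.com", "bsbqrp.com", "siemens-mp.com", "dunnfloorcoverings.com",
    "cpassminimedicalschools.info", "howtodesignyourhomeoffice.com", "famliytaste.com",
    "freesocialmarketing.com", "jejuhaenyeo.net", "tradebot.icu", "arzug.com",
    "carrefour-solucoes.online", "ladyom.com", "aoironote.com", "newmexicocarwreckattorney.com",
    "wealthpatternsllc.net", "thinkpinkalicous.com", "prajapati.company", "bjhwky.com",
    "jsdigitalekuns.com", "hada-kirara.xyz", "cryptochatr.com", "ehao5ahhl6.com",
    "i8news-sv.website", "12sky2limitless.online", "royalknightent.store",
    "dualvisionproductions.com", "nextgenerationracingleague.com", "1dy17.xyz",
    "vineethnekuri.com", "offlces.com", "mmpluk.com", "4kwallpapers.online",
    "yakyu-eiga.com", "advertisingresult.com", "ktshandymanservices.com", "reyizz.com",
    "ethics.tools", "cyberbesttechnology.com", "glopik.com", "claybycollins.com",
    "buythedamnbike.com", "7q3qq3.com", "normanwagers.com", "editoramandacaia.com",
    "fscmyc.com", "contactosasi.com", "brightpretty.com", "glavins.net", "demoxyz.online",
    "apnagas.com", "drdavesea.com", "wholeheartedfounder.com", "gunpowderz.com",
    "thegliderguy.com", "drawcen.com", "7777wns.com", "tecmovco.com", "a3chic.com",
    "alattarherbs.com", "tracks-clicks.com", "appioservice.com", "matthewwesco.club",
    "lampshadefish.com",
]
SAMPLE_HASHES = {
    "md5": "2fa809111f6953a10bcae39ef3f57aa7",
    "sha1": "9415a9c252e39776162749c9131d96274cd6cac9",
    "sha256": "7b4c1bf9a15a419080fe02866aa26f162f79d5e01763c6af5915b07988556223",
}


def norm_host(host):
    """Lower-case, strip a trailing dot and a leading 'www.' so URL hosts
    compare equal to the bare domains stored in the config."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def build_iocs(c2_url=C2_URL, decoys=DECOY_DOMAINS, campaign=CAMPAIGN):
    parts = urlsplit(c2_url)
    return {
        "c2_host": norm_host(parts.hostname),
        "c2_path": parts.path,                 # "/gjeh/": campaign id reused as URI path
        "campaign_path": f"/{campaign}/",
        "decoys": {norm_host(d) for d in decoys},
    }


def classify_url(url, iocs):
    """'c2' for the real server, 'decoy' for a config decoy host,
    'campaign_path' for an unknown host carrying the /gjeh/ path, else None."""
    parts = urlsplit(url)
    host, path = norm_host(parts.hostname), parts.path
    if host == iocs["c2_host"]:
        return "c2"
    if host in iocs["decoys"]:
        return "decoy"
    if path.startswith(iocs["campaign_path"]):
        return "campaign_path"
    return None


# Constructed log format: <timestamp> <client> <method> <url> <status>
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>GET|POST) (?P<url>\S+) (?P<status>\d{3})$")


def report(lines, iocs):
    """Per-client verdict. A client hitting the real C2 is the strongest signal;
    a burst of decoy hits without the C2 still deserves triage."""
    counts = defaultdict(lambda: {"c2": 0, "decoy": 0, "campaign_path": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                           # unparseable line: skip, never crash the sweep
        counts[m["client"]]                    # register the client even with no IOC hit
        label = classify_url(m["url"], iocs)
        if label:
            counts[m["client"]][label] += 1
    verdicts = {}
    for client, c in counts.items():
        if c["c2"]:
            verdicts[client] = "xloader-c2"
        elif c["decoy"] >= 2:
            verdicts[client] = "xloader-decoy-burst"
        elif c["campaign_path"]:
            verdicts[client] = "suspicious-path"
        else:
            verdicts[client] = "clean"
    return verdicts


def match_hash(observed, known=SAMPLE_HASHES):
    """Case-insensitive lookup of a file hash against the report's hashes; returns the algorithm name."""
    observed = observed.strip().lower()
    return next((algo for algo, h in known.items() if h == observed), None)


# Constructed sample lines (not real traffic).
PROXY_LOG = [
    "2021-09-27T10:01:02Z 10.0.0.5 GET http://www.getaudionow.com/gjeh/?ab12=Q2xp 200",
    "2021-09-27T10:01:03Z 10.0.0.5 GET http://www.carmator.com/gjeh/?ab12=Q2xp 404",
    "2021-09-27T10:01:04Z 10.0.0.5 POST http://www.bsbqrp.com/gjeh/ 200",
    "2021-09-27T10:01:05Z 10.0.0.9 GET http://www.reyizz.com/gjeh/ 200",
    "2021-09-27T10:01:06Z 10.0.0.9 GET http://tradebot.icu/gjeh/ 200",
    "2021-09-27T10:02:00Z 10.0.0.6 GET https://www.example.com/en-us/ 200",
    "2021-09-27T10:03:00Z 10.0.0.7 GET http://cdn.example.net/gjeh/ 200",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for client, v in report(PROXY_LOG, build_iocs()).items():
        print(client, v)
```

Matching on normalised host rather than on the raw URL string is what makes the decoy list usable: the config stores `carmator.com`, the beacon requests `www.carmator.com`. The `campaign_path` grade is deliberately weak; a path like `/gjeh/` on an unknown host is only a lead, and the client should be checked for the Run-key and dropped-EXE behaviour listed under the target before it is escalated.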
Targets
Target: t0ID2yWRERNRIz4.exe (818KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures (behavioral1)
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
(XLoader is the current name of the FormBook code base, so the FormBook ET rules are the expected network match for its check-ins.)
Xloader Payload
Blocklisted process makes network request
Executes dropped EXE
Adds Run key to start application (persistence via a Windows Run registry key)
Suspicious use of SetThreadContext (typical of process injection/hollowing: a thread in another process is redirected to injected code)