General
Target: payment 001.r00
Size: 490KB
Sample: 210927-n8lymaggdk
MD5: 0821865d2b73d1f6a7b6c07522e14c63
SHA1: d2daa99c6a03d8a0b1734f4ae68ccb46b44e3223
SHA256: 79be541f25bdd8abb7e7111bf0d3642b941cfa0349d2b5e7441773c81e6aa8d4
SHA512: 4afdb8e7be357d1eac56134a96c519061666556298cc39108b202cfa85f41051999c4fc8211b1dc8cca492a798100beb641146ffd960fcf8c2ddb648772740a2
Static task: static1
Behavioral task: behavioral1
Sample: $$$.exe
Resource: win7-en-20210920
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: jdt0
C2: http://www.jen4x.com/jdt0/
Targets
Target: $$$.exe
Size: 761KB
MD5: 2d4991b52cb7c3f5e3cb8ed4d22c069a
SHA1: 5f16af33b1cc461e4c6b4f5d1848547040fa1772
SHA256: 984dec79b881adf59d5308f52fddeda0fbccbd917b750f6ec9a5be1a1a4dc0fa
SHA512: ee17ff87e053092385d90337cbab6719822f137dbf33408f10dc52f4c0db2579f54d56d54be7e55439945705de9005c27e361c29909d05704339c5333a8b14a2
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Suspicious use of SetThreadContext