General
- Target: DN_467842234567.rar
- Size: 239KB
- Sample: 210927-pjrm9aghdp
- MD5: da06995dfb8ffb16b4c2a3d6f3ec8ead
- SHA1: 16dfc064a9149586e270d8d80df3d8c6fb534f9b
- SHA256: 0c9a10a84e9a365e394d33848ee0951c0f1e47faa5e2acabaf3fed27b6020a2c
- SHA512: 57eaadc0327d8113b8c5cdb99fd050f160fd0988a9d6db1651121f85771ca94360299b169728f6e5e2f9cb7b623f603a0f1b6e090297da35c96005d2f9afff37
Static task: static1
Behavioral task: behavioral1
Sample: DN_467842234567.exe
Resource: win7-en-20210920
Malware Config
Extracted
xloader
2.4
r95e
http://www.bofight.store/r95e/
Targets
- Target: DN_467842234567.exe
- Size: 253KB
- MD5: c16013ea29f9dd1525dcb65c2184784e
- SHA1: 5afd533f29573050734e428f9f8c9ba08c79546a
- SHA256: df05d916a02c09e1dba0df0841f93697e407a334ce8d2371dfe8befd909d8a43
- SHA512: 87c9e01aac687d2c675cb281592c930ce7bfefebc4eecde4135834bf896265d0238f9afc98726214fc30ef19c2528740aadf12df00e7cb44c469e56d5e9eefca
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext