General
Target: BL.exe
Size: 807KB
Sample: 210928-py9sdacbcm
MD5: 655d846a65b27c02ed505b03a4c3bb5c
SHA1: 9b0861b0e816878ba0293cbe7c2838ed6f1ab98b
SHA256: c6abf1c546a9bd38b2e156da3b3d13388a3f81cf1955f85f76792c6193e144a6
SHA512: 0ce9e954e41771c8ee9d982798d659ac73e9880aa887541348e70ae9a4a880163145b1c3e1650f99a8e1ebb8b0177cb7ffab0daa41027a4dffeca5e0a4534bda
Static task: static1
Behavioral task: behavioral1 (Sample: BL.exe, Resource: win7v20210408)
Behavioral task: behavioral2 (Sample: BL.exe, Resource: win10-en-20210920)
Malware Config
Extracted: xloader 2.3, angp, http://www.cartoonuniversetr.com/angp/
Targets
Target: BL.exe (807KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Adds policy Run key to start application
Adds Run key to start application
Suspicious use of SetThreadContext