General
- Target: UPStracking0940292.iso
- Size: 318KB
- Sample: 210929-j6g5faeddl
- MD5: f9ef284b19180b1e1309464d44656d5a
- SHA1: 272d01b699facc5961709f405ad242be8406dd83
- SHA256: eec96529834b477322282fdc1f9a976905677cd0e57389b81fd7039247515568
- SHA512: 1ba81e15b90309f4d72f9ebfcd14c653e3490584ef129bd19ba725b4f7cbe87fa60705eed1c44918048f18af6bf0b0789aeb8177d445d9dc5005f2c76fb6536f
Static task: static1
Behavioral task: behavioral1
Sample: UPStracking0940292.exe
Resource: win7-en-20210920
Malware Config
Extracted
xloader
2.5
dhua
http://www.segurosramosroman.com/dhua/
ketostar.club
icanmakeyoufamous.com
claimygdejection.com
garlicinterestedparent.xyz
bits-clicks.com
030atk.xyz
ballwiegand.com
logs-illumidesk.com
785686.com
flnewsfeed.com
transporteshrj.net
agenciamundodigital.online
bowersllc.com
urchncenw.com
wuauwuaumx.com
littlesportsacademy.com
xn--m3chb3ax0abdta3fwhk.com
prmarketings.com
jiaozhanlianmeng.com
whenisthestore.space
ventureagora.net
ditrixmed.store
gitlab-tamskillpage.com
samgravikasnidhi.com
lenti4you.com
reviewallstarscommerce.com
nissimarble.com
md2px.xyz
tristarelectronics.net
you11.net
vaccinationfraud.xyz
bu3helo.com
marcellcheckpoint.com
hassinkandroos.com
socw.quest
screenedscooptoknow-today.info
aciburada.com
edimacare.com
smokenation.net
elga-groupinc.com
26dgj.xyz
chandleenews.com
sugarcanemultisport.com
nichellejonesrealtor.com
architektschnur.com
atehgroup.com
ocoeeboys.com
zanesells.com
878971.com
infringement-notice.com
orzame.com
darlindough.com
bwpassionenterprise.com
switchress.com
willcowblog.online
rsyncpalace.com
ayderstudio.com
ascotintrenational.com
omeducationhelp.com
kimberleydawnwallace.com
thereisnooneway.com
marketobserve.com
sildenafilnrx.com
willowbaldwin.com
Targets
- Target: UPStracking0940292.exe
- Size: 256KB
- MD5: ecad1092417fae79942a0022ce770621
- SHA1: 661d76ff20089a6926c95a934b4619baefd230c5
- SHA256: 86ccf51a612ccf7c07b1e356636e236abca7bd99b3176e983d777f07fde6a757
- SHA512: 9a428228b6f66d3cd200f698e910c1c0a88f361638a47891a6a5eb59871e536d07f5607483cee31d810984af509f293b09a77261b766ea957bba449de21207e7
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
- Xloader Payload
- Adds policy Run key to start application
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext