General
- Target: IMG-pic 0699821.rar
- Size: 380KB
- Sample: 211013-v84a8seehp
- MD5: 3de0e3c689a8ca23c9ef0bbfebcdd2f5
- SHA1: 6cb8931d12687372be631304ae29587214203857
- SHA256: 2abdd1acce1502983aa1064db5d94a894391aeb300c14e8c372138491aef2036
- SHA512: 36ffa00984d34298bf0886162704bff414727cf3989cc283546de66654ceca451b0a12a125d6bc32646b870df97e0174112e6d9bdc293e11414f21d16e5d5210
- Static task: static1
- Behavioral task: behavioral1
- Sample: IMG-pic 0699821.exe
- Resource: win7v20210408
Malware Config
Extracted
- Family: xloader
- Version: 2.5
- Campaign: epns
- C2: http://www.lnvietnam.online/epns/
Targets
- Target: IMG-pic 0699821.exe
- Size: 1001KB
- MD5: 14f80d04ac41196b969f4a6a60016a5a
- SHA1: 7fbf938dcb3c873b4e6bb0b0ca00cff825c59d65
- SHA256: e07717afe65c94d4cae860225c8d6aaa4d3bde732598d34c96f98ff927e1d489
- SHA512: d2c757df0c99e93f40f6000cdf64493d62ee41f32471091800616f1aaca1063cc48c1f0d26b6d5ea2a5d44cb636b6e86cf4b1dcfe540242cf8640b17c896642a
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext