General
-
Target
3490cb5fd9a372722f95ed69c41e23d5cd274ce6b3c024ec1731962a380409d6
-
Size
794KB
-
Sample
211014-pfxebsacbq
-
MD5
f11ebc7e0b269ee17f61f7a4ab4ce9ec
-
SHA1
eaed674ac16bfedaf34c8ef1005cbb236ee647f0
-
SHA256
3490cb5fd9a372722f95ed69c41e23d5cd274ce6b3c024ec1731962a380409d6
-
SHA512
a418073ce2d9a6217e19849fa24c2b0d172caf1a6514bb63356b240e76b3ed4f9123cb3e102ff804126bdebd8614afb5c225552eadd7b756917118fb619497ea
Static task
static1
Malware Config
Extracted
Family
xloader
Version
2.5
Campaign
ht08
C2
http://www.septemberstockevent200.com/ht08/
Decoy domains (contacted alongside the real C2; the campaign path is the same as the C2 URL path)
joye.club
istanbulemlakgalerisi.online
annikadaniel.love
oooci.com
curebase-test.com
swisstradecenter.com
hacticum.com
centercodebase.com
recbi56ni.com
mmj0115.xyz
sharpstead.com
sprklbeauty.com
progettogenesi.cloud
dolinum.com
amaroqadvisors.com
traininig.com
leewaysvcs.com
nashhomesearch.com
joy1263.com
serkanyamac.com
nursingprogramsforme.com
huakf.com
1w3.online
watermountsteam.top
tyralruutan.quest
mattlambert.xyz
xn--fiqs8sypgfujbl4a.xn--czru2d
hfgoal.com
587868.net
noyoucantridemyonewheel.com
riewesell.top
expn.asia
suplementarsas.com
item154655544.com
cdgdentists.com
deboraverdian.com
franquiciasexclusivas.tienda
tminus-10.com
psychoterapeuta-wroclaw.com
coachingbywatson.com
lknitti.net
belenpison.agency
facilitetec.com
99077000.com
thefitmog.com
kinmanpowerwashing.com
escueladelbuenamor.com
getjoyce.net
oilelm.com
maikoufarm.com
hespresso.net
timothyschmallrealt.com
knoxvilleraingutters.com
roonkingagency.online
trashwasher.com
angyfoods.com
yungbredda.com
digipoint-entertainment.com
shangduli.space
kalaraskincare.com
ktnsound.xyz
miabellavita.com
thenlpmentor.com
marzhukov.com
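The following is an added example and is not part of the sandbox report or of the sandbox's own tooling. It parses the extracted config block above into structured indicators (family, version, campaign, real C2 host and path, decoy host set), classifies hostnames from a few constructed proxy log lines against them, and builds a Suricata rule for the real C2 check-in. The decoy list in the code is truncated to the first six entries; the log lines, the rule sid (9000001) and all function names are assumptions made here for illustration. Because XLoader/FormBook hides the real C2 among decoy domains, the classifier reports a decoy hit separately from a C2 hit rather than treating them as equivalent.

```python
# Added example (not from the report): turn the extracted XLoader config into
# indicators, match constructed proxy log lines against them, and emit a
# Suricata rule for the real C2. Names, log lines and sid are assumptions.
import re
from urllib.parse import urlparse

# The "Extracted" block copied from the report; decoy list truncated to the
# first six entries to keep the example short.
EXTRACTED_CONFIG = """\
xloader
2.5
ht08
http://www.septemberstockevent200.com/ht08/
joye.club
istanbulemlakgalerisi.online
annikadaniel.love
oooci.com
curebase-test.com
swisstradecenter.com
"""


def parse_xloader_config(text):
    """Parse the flat family/version/campaign/C2/decoy listing into a dict."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    family, version, campaign, c2_url = lines[:4]
    c2 = urlparse(c2_url)
    return {
        "family": family,
        "version": version,
        "campaign": campaign,
        "c2_url": c2_url,
        "c2_host": c2.hostname,
        "c2_path": c2.path,  # '/ht08/' mirrors the campaign id
        # Decoy hosts are contacted alongside the real C2 to hide it; a hit on
        # one is suspicious but is not by itself proof of C2 contact.
        "decoys": frozenset(lines[4:]),
    }


def classify_host(host, cfg):
    """Return 'c2', 'decoy' or 'unrelated' for a contacted hostname."""
    host = host.lower().rstrip(".")
    if host == cfg["c2_host"]:
        return "c2"
    if host in cfg["decoys"]:
        return "decoy"
    return "unrelated"


# Constructed proxy log format: "<timestamp> <client-ip> <method> <url>"
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(GET|POST)\s+(\S+)$")

# Constructed sample lines (not from the report): one real C2 check-in, two
# decoy contacts (one with odd host casing), and one unrelated request.
SAMPLE_LOG = [
    "2021-10-14T08:12:01Z 10.0.0.17 GET http://www.septemberstockevent200.com/ht08/?gh=abc",
    "2021-10-14T08:12:03Z 10.0.0.17 GET http://joye.club/ht08/?gh=abc",
    "2021-10-14T08:12:05Z 10.0.0.17 GET http://example.com/index.html",
    "2021-10-14T08:12:07Z 10.0.0.17 POST http://Annikadaniel.love/ht08/",
]


def scan_proxy_log(lines, cfg):
    """Return (timestamp, client, host, verdict) for lines that hit config IOCs."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the constructed format
        ts, client, _method, url = m.groups()
        host = urlparse(url).hostname or ""
        verdict = classify_host(host, cfg)
        if verdict != "unrelated":
            hits.append((ts, client, host, verdict))
    return hits


def suricata_rule(cfg, sid=9000001):
    """Build a Suricata HTTP rule matching the real C2 host and campaign path."""
    return (
        "alert http $HOME_NET any -> $EXTERNAL_NET any ("
        f'msg:"{cfg["family"]} {cfg["version"]} {cfg["campaign"]} C2 check-in"; '
        "flow:established,to_server; "
        f'http.host; content:"{cfg["c2_host"]}"; '
        f'http.uri; content:"{cfg["c2_path"]}"; startswith; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    config = parse_xloader_config(EXTRACTED_CONFIG)
    for hit in scan_proxy_log(SAMPLE_LOG, config):
        print(hit)
    print(suricata_rule(config))
```

The rule keys on host plus the `/ht08/` path prefix rather than on the path alone, so it does not fire on the decoy hosts that are contacted with the same campaign path; those are left to the log classifier, where a decoy hit should be escalated only together with other evidence such as the Run key or SetThreadContext behaviour listed for this sample.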
Targets
-
Target
3490cb5fd9a372722f95ed69c41e23d5cd274ce6b3c024ec1731962a380409d6
(the same 794KB file as under General above; MD5, SHA1, SHA256 and SHA512 are listed there)
-
Network
suricata: ET MALWARE FormBook CnC Checkin (GET)
The ET rule is named for FormBook; XLoader is the renamed successor of FormBook and keeps its HTTP check-in pattern, so this alert is consistent with the extracted XLoader 2.5 config rather than a second family.
-
Signatures
Xloader Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext