General
-
Target
Doc_008543678.exe
-
Size
347KB
-
Sample
211015-vvt6eabhfj
-
MD5
6f458a706a5d5e0a65adaceec728d6c8
-
SHA1
5d623230470043f8a55a426e2b95b1501cd96820
-
SHA256
9f55a497a04ad1181a75185f7b2ec1be0b9d33ed50f26c0c8cc82fa0f85db590
-
SHA512
30f8f0806bf4180bae7fc474ac2ad00ceb8cb6f07308c2f7910f2011a6bfbb7ed664001118b3a0fbd74709aea1f25fa4f3e85e4a330469a168b5aed28a43511d
Static task
static1
Behavioral task
behavioral1
Sample
Doc_008543678.exe
Resource
win7-en-20210920
Malware Config
Extracted
xloader
2.5
yjqn
http://www.wavekiss.com/yjqn/
ittybittybunnies.com
flordedesierto.com
cum.care
petshomespace.com
verputzarbeit.com
yuvajanmat.com
getlie.com
finanes.xyz
thelazyrando.com
domelite.design
yukinko-takasu.com
pontosmensal.com
maurlinoconstruction.com
getelectronow.com
newmexicocarwrecklawfirm.com
gunnbucks.com
ncsy30.xyz
opsem.info
authorisewallet.com
scchanghe.com
dpisa.info
z5r9t.online
paisleiskreations.com
arabatalmustahlik.com
summahred.com
moodplans.com
theglobalonlineacademy.com
dutchdollhouse.com
strolleyluggage.online
qimai51.com
2day-sweeps.info
skyguardens.com
lilijewls.com
if.services
teneses.com
bwteeco.com
walletsupportsnow.com
mk696.com
suddennnnnnnnnnnn48.xyz
alphadogsocial.com
michitorres.com
trybestchoice.com
axelar.academy
mountlaketerraceapartment.com
webmakers.xyz
domaineregnard.com
snail-sky.com
jengibre.xyz
sichuanyitai.com
otqrfw.com
rcdating.com
youyushops.com
fltraffic.net
68065123.com
standingoncommonground.net
eqzaec.com
yujieqin.com
aquitemtijolo.com
worldhealthplanet.com
galmbacher-legal.com
acumen-international.com
predictablecomfort365.com
atesex.com
roboruben.com
Targets
-
-
Target
Doc_008543678.exe
-
Size
347KB
-
MD5
6f458a706a5d5e0a65adaceec728d6c8
-
SHA1
5d623230470043f8a55a426e2b95b1501cd96820
-
SHA256
9f55a497a04ad1181a75185f7b2ec1be0b9d33ed50f26c0c8cc82fa0f85db590
-
SHA512
30f8f0806bf4180bae7fc474ac2ad00ceb8cb6f07308c2f7910f2011a6bfbb7ed664001118b3a0fbd74709aea1f25fa4f3e85e4a330469a168b5aed28a43511d
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-