General
-
Target
PL0000865422.rar
-
Size
274KB
-
Sample
211018-xxql4sfcgl
-
MD5
d5709de6bd6067d63af4a1a13a66ee7a
-
SHA1
dc8ab966c77a6df5b177fa97b917e2acf8b3ab82
-
SHA256
721ccf61f985ae4e85d3489c4da599692a1194ea88308ad52f56986326a3a9d0
-
SHA512
a8c5fda9167a9a508fce1ea88eeee03ffa637816783232b23e1c8c5fd46536bd55c7fbbed9cf11a24680f6ef0684102d2311447801a7dc29c2efbff246132513
Static task
static1
Behavioral task
behavioral1
Sample
PL0000865422.exe
Resource
win7-en-20211014
Malware Config
Extracted
xloader
2.5
yjqn
http://www.wavekiss.com/yjqn/
ittybittybunnies.com
flordedesierto.com
cum.care
petshomespace.com
verputzarbeit.com
yuvajanmat.com
getlie.com
finanes.xyz
thelazyrando.com
domelite.design
yukinko-takasu.com
pontosmensal.com
maurlinoconstruction.com
getelectronow.com
newmexicocarwrecklawfirm.com
gunnbucks.com
ncsy30.xyz
opsem.info
authorisewallet.com
scchanghe.com
dpisa.info
z5r9t.online
paisleiskreations.com
arabatalmustahlik.com
summahred.com
moodplans.com
theglobalonlineacademy.com
dutchdollhouse.com
strolleyluggage.online
qimai51.com
2day-sweeps.info
skyguardens.com
lilijewls.com
if.services
teneses.com
bwteeco.com
walletsupportsnow.com
mk696.com
suddennnnnnnnnnnn48.xyz
alphadogsocial.com
michitorres.com
trybestchoice.com
axelar.academy
mountlaketerraceapartment.com
webmakers.xyz
domaineregnard.com
snail-sky.com
jengibre.xyz
sichuanyitai.com
otqrfw.com
rcdating.com
youyushops.com
fltraffic.net
68065123.com
standingoncommonground.net
eqzaec.com
yujieqin.com
aquitemtijolo.com
worldhealthplanet.com
galmbacher-legal.com
acumen-international.com
predictablecomfort365.com
atesex.com
roboruben.com
Targets
-
-
Target
PL0000865422.exe
-
Size
703KB
-
MD5
3058852680b613ecb1358c0f35506827
-
SHA1
0c7bdea3c59db8b19b89a96e804f1dab630d81c7
-
SHA256
9e433f562c623ddfcc0248f72a1c721916fc93ad56d18c4eb7ef6e60f8d7c1f2
-
SHA512
940e968e19bf3cd2b06fe30f1b7c23686959e728f52612c23d23eeba2bd54bc7dd066d35e437406a60e5ca3c6ec349587c445f1158fbdce5777f18f3307be7ff
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-