General
Target: e1d85bbe872f0e8fe976b1ea8d9a526b
Size: 238KB
Sample: 211019-e6lqeagbbq
MD5: e1d85bbe872f0e8fe976b1ea8d9a526b
SHA1: c653b299e75a9905429a9c2f9ef4f9de411ad469
SHA256: a200d8d842c5a05f5e9ac89f24adbebbf62343c69e516abe4a257713cc09866e
SHA512: f54d9a169d9c2cadff9f551c1ce173e81ba7793c0866d681960daedc3b3e3c72ea5e389a9c83d868876960ba3e83de2b6610d71d749f066464ea66147378d7a7

Static task: static1
Behavioral task: behavioral1
Sample: Siam- PO019-021.exe
Resource: win7-en-20210920

Malware Config
Extracted: xloader
Version: 2.5
Campaign: w240
URL: http://www.palisadesburgers.com/w240/
Domains:
- deathgummys.com
- accentuable.info
- logisticairpetrelocators.com
- playdropmats.com
- ewshop.club
- bislists.com
- pkkjoo.net
- goldenkaktus.com
- bigspiderproductions.com
- funessences.com
- gimpydogproductions.com
- motivatedmarketinggroup.com
- bjadd.com
- 2ux3ms.com
- zafzi.com
- oldmanemailplan.xyz
- quotexlibya.com
- mobco.store
- stofferogbo.kim
- akidsguidetotheworld.com
- rubiotravel.com
- dcmr-ns.com
- cetalimited.com
- salon-nsk.com
- allinvtesler.info
- ccfuydao.com
- fotorestaurante360.com
- expatinternetphone.com
- aeb-global.net
- bjhsthkj.com
- 616671.com
- hhdopg.xyz
- maleaou.com
- la-invisible.com
- mobliranrad.com
- fideicomisario.com
- texorse.website
- xcdy1818.com
- chaosmatheclub.com
- yabateam.com
- trevoreckhoff.com
- sheaselectricla.com
- 818recordsllc.com
- onchainanimals.com
- groupe-oden.net
- ranbix.com
- temppou.com
- generalcorporations.net
- thesunnysoulsisters.com
- 610crew.com
- schmetterlingimmobilien.com
- nas-jinsung.com
- customapronsnow.com
- porsedanbe.xyz
- portjob63.com
- viajeroscuriosos.com
- swisstrustcitybank.com
- mmxohs.com
- nanobiotechlabs.com
- scorpionproductionsbymk.com
- dev-projectmanagement.com
- xaaz2.xyz
- 13lee.com
- appcoinsupport.services

Targets
Target: Siam- PO019-021.exe
Size: 252KB
MD5: cdd5b0078abe46c33fec9ca31022cbdb
SHA1: 6a55b482eab522e4c70d5f588573687b73444a84
SHA256: b207cf6e0fe84692f4311e2768d913bae8005da5f7ed4cf1cee2459a6f62faa9
SHA512: 0c7c64b023e51e638334ec05e2b24e179153563ddaae81f392da9e6e5cf93211125e6837c86bb6b964f9a0db4e46fa975e9acfe5b46f8346b26df887de8f5bce
Signatures:
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Adds policy Run key to start application
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext