General
Target: XXX00954345678LK.GZ
Size: 245KB
Sample: 211019-lwbwsagdhr
MD5: a86af64e2bc80c21801c4d46158149bf
SHA1: 553251be4574e0c35b9de352df46977e881dd176
SHA256: 768a13d336ce62e221c5228b84d9b98446f936ed9f29d0a7b281214cd7065617
SHA512: bdfcc53d5d878a14e8a18fa8ad56aeb951aea577307d34cd7945cdf39e42777bee2345f6451a3e3d593676b5b844a6654caddc8a7cd93ebd443383ba73dc48e0
Static task: static1
Behavioral task: behavioral1
Sample: XXX00954345678LK.exe
Resource: win7-en-20210920
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: iaop
C2: http://www.georgeinnhatherleigh.com/iaop/
Decoy domains:
oosakichi.com
group1beadles.com
navegadorexclusivo.digital
awefca.xyz
strakerwilliams.com
stone-img.com
radialodge.com
tequesquitengo.net
humanegardens.com
rubberyporqjp.xyz
farazkhak.com
gfsexpornvideos.com
stealth-carrier.com
hemtpi.xyz
tygcj.com
agileiance.com
ioan316.com
kitchendesigns.xyz
shannacarolphotography.com
oheytech88.net
dashiter.com
zijinmenhu.com
dmfiller.com
amberchee.com
farmaciaepspllu.com
help-kmcsupport.com
naxek.com
yuumgo.academy
baopishuizhong.com
appcast-64.com
vpm-vektra.com
privygym.com
texascyclerepair.com
queerstakepool.com
maxicashprokil.xyz
enchantbnuyxc.xyz
heyunshangcheng.info
blockchainsupport.company
consultoriathayanechlad.com
cigreencig.com
enriquelopez.net
ultimateexitstrategy.com
jesuspodcast.biz
wecuxs.com
louroblottoyof2.xyz
12monthmillionairetraining.com
autoecoleamiens.com
kokko-kids.com
uniquecarbonbrush.com
fardaruilen.quest
generalcontractortheodoreal.com
kare-furniture.com
odnglobal.com
rihaltravels.com
jdlpcpa.com
websupportoutlook.com
sonyagivensrealty.com
johnmcnamaraimages.net
fa7777.xyz
northvisiondigital.com
docteurhouyengah.com
contactcenter7.email
lebenohnefleisch.com
sign-egypt.com
Targets
Target: XXX00954345678LK.exe
Size: 412KB
MD5: 7efcc253b788f264320f6f7f3afbbaff
SHA1: 5c25530ed2eb2dff34056aa855bd16e6aef9c3a9
SHA256: 6fa43d41bcec83773fa6f333655029d886633b7a46153d9f7ffbe3c44de19be9
SHA512: aa410052ea52603c1ce87b4b696c62db540e0b903f618aa9384be09efd16c50acad654e8edd908b4724f8caa35e02cdaf125397d2a1c48acb305f7d4363d620e
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Adds policy Run key to start application
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext