General
Target: Drawing.exe
Size: 572KB
Sample: 211020-ga6f2shehm
MD5: da60dccf62e5dd00e76531b6e0e74794
SHA1: a9bb11bbb6bcc1cb69b302bcec25ec29d770e6d4
SHA256: 88f9f44e6cb13da79a3967ffa56a9d8c46d8d49623518df5e90c3d4cf72b3b79
SHA512: e6e25dbcc0b8669f781da4533783f5cf9abb568762837c03768369b4b9d99e4b637ff1a06f1829d53b683e2dc2ade14831bc5df804e42d2516f9ed96e6f6a74f
Static task: static1
Behavioral task: behavioral1
Sample: Drawing.exe
Resource: win7-en-20211014
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: dq6e
C2: http://www.nihiufypsz.quest/dq6e/
Decoy domains:
one80.center
buymorefun.store
wiew-bkjm.com
elvalordesertu.com
tallyeyeglassery.net
nuhive.net
supportsmercari.com
h5625.com
dfgroup.website
personlig-almanacka.com
gunpow3r.com
xn--tiergesttzt-0hb.com
mpochip.com
accreditslots.com
gameplancyber.com
clickonline.website
bhagyashreerestaurant.com
lunaenglish.online
kidsorange.com
reshapers.art
19hawthornedrive166.com
allisonholaday.com
tuner-buy.com
lehyeh.com
salonspasuitesmanamgement.com
gordianits.com
zhuoyu168.com
jokeaou.com
tous-des-cons.club
ilmn8.com
geetamalhotra.com
crescentiron.com
therecipe.store
teneses.com
liberbankrtes.com
lifechangingcarehouston.com
balanz.express
poizboutique.com
anblogsite.com
chicherone.com
rotibagelen.com
trendystoreonline2021.com
boudoirluxe.com
grandhoums.com
oneloyalty.online
ospreyoutlet.store
xn--hc0bm0v0zb40ifs0a.com
localizandolab.com
mmorpgheroes.net
bodies-gym.xyz
thenorthdale.com
lasikeyesurgerysclinicus.com
pwntheusa.com
eaiworwek.xyz
almatnstore.com
savandehop.com
primetire.net
d-destiny.com
delmarexclusive.com
magentasrc.com
3danimation.xyz
getjano.com
cakeriver.com
wazis.store
Targets
Target: Drawing.exe
Signatures
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext