General
Target: b38d95879bc287171a491de879e84e0b
Size: 847KB
Sample: 211020-y81f5aadhl
MD5: b38d95879bc287171a491de879e84e0b
SHA1: f9bb64fd8d71bc1b689d382e136a00387ad7d9cf
SHA256: c66278e7c7a5ccb279d55d3dc1b3ef42188e47f276f09d5a8f686a5ba2ab3dd7
SHA512: 53968a3ac35efcf8e6f0b55c20175cf5fd726b8bbdd2c567d05bbb52f9702d3c50abd99cac5cc3d2d3a40a09f6a6de35228ea1763f249577954e369a877fd18b
Static task: static1
Behavioral task: behavioral1
Sample: b38d95879bc287171a491de879e84e0b.exe
Resource: win7-en-20211014
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: o4um
C2: http://www.dependablelawnsnow.com/o4um/
Domains:
kagami-belt.com
k7e.xyz
slowcontentmarketing.com
nativeamericannurse.com
stadtquartier.xyz
vietlinkmart.com
numisme.xyz
lypp-sh.com
walkerwaughray.com
homerightsolutions.com
vpdd.top
857741.com
informednewsreader.com
misachoavien.com
aslanrefinedhomes.com
bjhaitaoshop.com
lb-fo.com
shadedfaetattoos.com
tallulahapp.com
amhonlinemarketing.com
rotatingenergy.com
alabeocopra.quest
clublebron.com
maximumbahis240.com
muskegostorageco.com
arendayouaccfb.online
zjgker.com
crux-at.com
printsofthecitypgh.com
rishisinghlaw.com
thera.xyz
winiarnia.net
qq8.space
houseofidiots.com
motherhood-diaries.com
asasaul.top
3dotshub.com
laliinparfumeri.com
raywhiteinc.com
lighterthanlight.net
themshirt.com
falbkugel.quest
francissoba.com
shopgraciadivina.com
wakelust.online
thatsthailand.com
beeosum.com
anushreehomemadeproducts.online
gzmeijuan.com
wipegorgeous.com
nexteventtnpasumo3.xyz
molitransport.com
aquitemtijolo.com
noun-bug.com
myopportunity.online
supermuschina.com
thepatrioteffect.com
zioholdings.com
gordonhalecpas.com
vestindocomamor.com
redrockaccommodation.online
thepostres.online
hometech-bosch.xyz
indowinjp.com
Targets
Target: b38d95879bc287171a491de879e84e0b
Size: 847KB
MD5: b38d95879bc287171a491de879e84e0b
SHA1: f9bb64fd8d71bc1b689d382e136a00387ad7d9cf
SHA256: c66278e7c7a5ccb279d55d3dc1b3ef42188e47f276f09d5a8f686a5ba2ab3dd7
SHA512: 53968a3ac35efcf8e6f0b55c20175cf5fd726b8bbdd2c567d05bbb52f9702d3c50abd99cac5cc3d2d3a40a09f6a6de35228ea1763f249577954e369a877fd18b
Signatures
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Adds Run key to start application
Suspicious use of SetThreadContext