General
-
Target
51cd4ea4c20552f51824b13af3a93360
-
Size
847KB
-
Sample
211021-lyxk9sahgp
-
MD5
51cd4ea4c20552f51824b13af3a93360
-
SHA1
1f85673268160d356cc66056e18e721646a51034
-
SHA256
891ff9447dec210b5897080666b8281d7387206c14dba7587465e16bd2efa117
-
SHA512
add0bc6bec599694cdd9c19101edf0b66a914aa4198ed9f10d23e4c14b8bf2708c992917326974007c59c4e6e5c49063c0e1ade25556cdc19ae9dc1a8c79fbcf
Static task
static1
Behavioral task
behavioral1
Sample
51cd4ea4c20552f51824b13af3a93360.exe
Resource
win7-en-20211014
Malware Config
Extracted
xloader
2.5
sb6n
http://www.best5amazon.com/sb6n/
bogosamba.com
inmobiliariapuertalavilla.com
nopressurewellness.com
hairshopamity.com
epicmoments360.com
tutorgpa.com
fucibou.xyz
135631.com
portraydashcam.com
raqsarabia.com
okantis.net
vongquaykimcuongfreefire.online
prodom.online
5537sbishop.info
lisakenneyinc.com
fivetime.xyz
borzv.com
joungla.com
mas-urbano.com
sjczyw.com
kanesia.com
cursovendasafiliagram.website
lumledstore.com
id-434563.site
tinkerform.com
chainedorchange.com
147149cale.com
windmillbusiness.com
moccocity.com
linkinsense.net
asportrans.com
texasmotorcycletransport.com
unviajeinsospechado.com
rishaande.tech
happylifecompanies.com
thewtot.com
homeyhousy.com
schoolx.space
gr-pcs.com
bedrocksolution.net
investorsbamk.com
rewoodlovro.quest
scratchforce.com
roosteco.com
zacharyparkerporward5.com
itranslate.club
mastessrhalco.com
jytyxyc.xyz
theelegantflamestore.com
grausalvarez.com
riveroakdevelopment.com
intervalagency.com
yugenft.com
6672pk.com
euphoricpucci.com
sedlmayer.gmbh
caricomrealestate.online
herseymagazamda.com
kefirusa.com
royalclnglegacy.com
toptanalcimalzemeleri.com
recbi56ni.com
transformdom.net
writersmight.com
Targets
-
-
Target
51cd4ea4c20552f51824b13af3a93360
-
Size
847KB
-
MD5
51cd4ea4c20552f51824b13af3a93360
-
SHA1
1f85673268160d356cc66056e18e721646a51034
-
SHA256
891ff9447dec210b5897080666b8281d7387206c14dba7587465e16bd2efa117
-
SHA512
add0bc6bec599694cdd9c19101edf0b66a914aa4198ed9f10d23e4c14b8bf2708c992917326974007c59c4e6e5c49063c0e1ade25556cdc19ae9dc1a8c79fbcf
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-