General
-
Target
XLOQKH087654560780098765zxkpx.z
-
Size
271KB
-
Sample
211022-d48lqacaaj
-
MD5
244b6c391e084e8e7544feea0ffb7850
-
SHA1
413684458626721fd696a906921e19076e76f2b0
-
SHA256
edaa93fc7ea81871421efd074ca4923fead6437e5c00aeca1a1d31d793ec97c1
-
SHA512
5dc87af315064e917ffeed307fb97eaff9dc8b301cdecea469aeb5f1162e74b4a01434adecc9600049efa92682487c739a292822cc01bfea879a41c4589ccfee
Static task
static1
Behavioral task
behavioral1
Sample
XLOQKH087654560780098765.exe
Resource
win7-en-20210920
Malware Config
Extracted
Family
xloader
-
Version
2.5
-
Campaign
iaop
-
C2
http://www.georgeinnhatherleigh.com/iaop/
-
Decoy domains
oosakichi.com
group1beadles.com
navegadorexclusivo.digital
awefca.xyz
strakerwilliams.com
stone-img.com
radialodge.com
tequesquitengo.net
humanegardens.com
rubberyporqjp.xyz
farazkhak.com
gfsexpornvideos.com
stealth-carrier.com
hemtpi.xyz
tygcj.com
agileiance.com
ioan316.com
kitchendesigns.xyz
shannacarolphotography.com
oheytech88.net
dashiter.com
zijinmenhu.com
dmfiller.com
amberchee.com
farmaciaepspllu.com
help-kmcsupport.com
naxek.com
yuumgo.academy
baopishuizhong.com
appcast-64.com
vpm-vektra.com
privygym.com
texascyclerepair.com
queerstakepool.com
maxicashprokil.xyz
enchantbnuyxc.xyz
heyunshangcheng.info
blockchainsupport.company
consultoriathayanechlad.com
cigreencig.com
enriquelopez.net
ultimateexitstrategy.com
jesuspodcast.biz
wecuxs.com
louroblottoyof2.xyz
12monthmillionairetraining.com
autoecoleamiens.com
kokko-kids.com
uniquecarbonbrush.com
fardaruilen.quest
generalcontractortheodoreal.com
kare-furniture.com
odnglobal.com
rihaltravels.com
jdlpcpa.com
websupportoutlook.com
sonyagivensrealty.com
johnmcnamaraimages.net
fa7777.xyz
northvisiondigital.com
docteurhouyengah.com
contactcenter7.email
lebenohnefleisch.com
sign-egypt.com
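The extracted config is only useful if it is turned into something that can be run against logs. The Python below is an added example, not part of the sandbox report or of any vendor tooling: it takes the campaign ID, C2 URL and decoy list from the config above, builds a hunt list, and runs it over a few constructed proxy-log lines. The log line format, the handling of a leading "www." (the report's C2 host is "www." plus a bare domain, so both forms are matched) and the reduced decoy subset are assumptions; the hostnames, campaign ID and C2 URL are the report's own values. Requests to the campaign path "/iaop/" are flagged separately, since that is the check-in pattern the report's Suricata "FormBook CnC Checkin" alerts fired on (XLoader is the continuation of FormBook, so those rules are the expected hits).

```python
import re
from urllib.parse import urlparse

# Values copied from the extracted config in the report above.
FAMILY = "xloader"
VERSION = "2.5"
CAMPAIGN = "iaop"
C2_URL = "http://www.georgeinnhatherleigh.com/iaop/"
# A subset of the 64 decoy domains listed in the report; extend with the rest.
DECOYS = {
    "oosakichi.com",
    "group1beadles.com",
    "navegadorexclusivo.digital",
    "awefca.xyz",
    "strakerwilliams.com",
    "stone-img.com",
}


def normalize_host(host):
    """Lower-case, drop a trailing dot and a leading 'www.' so config domains
    match log hosts. Assumption: the bot reaches decoys as www.<domain>, which
    is how the report's own C2 host is formed."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def c2_host(url=C2_URL):
    """Registrable host of the C2 URL, normalized for matching."""
    return normalize_host(urlparse(url).hostname)


def beacon_path(campaign=CAMPAIGN):
    """The check-in URI path is the campaign ID, as in the report's C2 URL."""
    return f"/{campaign}/"


def hunt_hosts(url=C2_URL, decoys=DECOYS):
    """Every hostname worth searching for in DNS/proxy logs: real C2 plus decoys."""
    return {c2_host(url)} | {normalize_host(d) for d in decoys}


def classify(host, url=C2_URL, decoys=DECOYS):
    """'c2' for the real C2 host, 'decoy' for a listed decoy, 'none' otherwise."""
    h = normalize_host(host)
    if h == c2_host(url):
        return "c2"
    if h in {normalize_host(d) for d in decoys}:
        return "decoy"
    return "none"


# Constructed proxy-log format: timestamp src-ip method url status.
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>GET|POST)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def scan_proxy_log(lines, url=C2_URL, decoys=DECOYS, campaign=CAMPAIGN):
    """One hit per log line whose host is the C2 or a decoy. 'beacon_path' marks
    requests under /<campaign>/, i.e. the GET/POST check-in pattern."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # not a line in the assumed format; skip rather than guess
        parsed = urlparse(m.group("url"))
        if not parsed.hostname:
            continue
        verdict = classify(parsed.hostname, url, decoys)
        if verdict == "none":
            continue
        hits.append({
            "line": n,
            "src": m.group("src"),
            "host": normalize_host(parsed.hostname),
            "method": m.group("method"),
            "verdict": verdict,
            "beacon_path": parsed.path.startswith(beacon_path(campaign)),
        })
    return hits


# Constructed sample lines: a GET then POST check-in to the real C2, one decoy
# check-in, one benign request, and a decoy host reached outside the campaign path.
SAMPLE_LOG = [
    "2021-10-22T10:03:11Z 10.0.0.5 GET http://www.georgeinnhatherleigh.com/iaop/?Bqxc=abc123 200",
    "2021-10-22T10:03:12Z 10.0.0.5 POST http://www.georgeinnhatherleigh.com/iaop/ 200",
    "2021-10-22T10:03:14Z 10.0.0.5 GET http://www.oosakichi.com/iaop/?Bqxc=abc123 404",
    "2021-10-22T10:04:00Z 10.0.0.7 GET http://www.example.org/index.html 200",
    "2021-10-22T10:04:30Z 10.0.0.9 GET http://stone-img.com/ 200",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

A decoy hit on its own is weak evidence, because the decoy domains are real third-party sites; a decoy hit on the campaign path, or any contact with the C2 host, is what to escalate on. The two lines flagged "c2" above reproduce the GET-then-POST sequence that both Suricata alerts in the report describe.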
Targets
-
-
Target
XLOQKH087654560780098765.exe
-
Size
416KB
-
MD5
1a3bcd7f400b0d7a37166c1c5af7f886
-
SHA1
a654cdfc29951ac2e77af3fbbbd7160b5205c8f9
-
SHA256
fe63755f7b7c30e933cb3897136a75a7d1903ca044a04ef9bd91d426596f279d
-
SHA512
47974116e9b5b0cc6407fe7c651619b6fef5af7df0190d3b4e5c906a1520ed66ae7e4e1af6e578bf93af9dbd3625845678fd834aea15db9082dad2abbd77f69f
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
Xloader Payload
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-