General
- Target: 4.exe
- Size: 256KB
- Sample: 211022-lxl35sccgp
- MD5: 29d0b6279f089be56d380d9c25e067e6
- SHA1: 878937fc1ca21147f55cc5c2770cfba75c1de743
- SHA256: 5273e82ad04676a987885f83791ae7fa779a6e72fd2608882ca4f1d2a1673ed2
- SHA512: a9d2c0c1de41a50106b382c45671b8fc03291790c74022da6f7b89b80b518f34a53a87c0f311ac2d89c59a87bdc056399fd24891760268c92ef74f3b59d36c7d
- Static task: static1
- Behavioral task: behavioral1
- Sample: 4.exe
- Resource: win7-en-20210920
Malware Config
Extracted
- xloader
- 2.5
- w240
- http://www.palisadesburgers.com/w240/
Targets
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext