General
- Target: 0f829c2b.exe
- Size: 395KB
- Sample: 211023-jka41adbcj
- MD5: 262b2ede4b3d2200a6a872d56b01b977
- SHA1: 0e05ff778e66af0955704da33db40bc72748b8c9
- SHA256: 0f829c2b93c955c1387a08ff4b7c220f04170ab7e224e7907e2b7e76aa5ef99e
- SHA512: f6fbfee872623b38d956fe90b054585f9b62b42b553ec18180b0f65ee62cd190ad04fd75227088a944991b44948ea051c2cfc5fdbe5e280eb9d6f3d2731629ca
- Static task: static1
- Behavioral task: behavioral1
- Sample: 0f829c2b.exe
- Resource: win7-en-20210920
Malware Config
Extracted
xloader
2.5
ujaz
http://www.zurnwater.com/ujaz/
Targets
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext