General

Target: SOA[1].r15
Size: 510KB
Sample: 211025-k3ck8agham
MD5: 0c48ec3f7bc26f4995b5dd4324fdbe87
SHA1: 740db2e57a1e10b5d29d001ef903d95157db70c4
SHA256: 3ed36b8022b12ec4f03856980ae7bcbdd4b0e192bc7c0dbf4b4c190e24b5eac0
SHA512: a2129a397bb2e57482933cc9943ae735834ac7b35584ef15f3099b5080d47537e7fb39efe01d11b6cfc75d03feca52d52a87ea3b063be48539ab59168e571ba4
Static task: static1
Behavioral task: behavioral1
Sample: SOA.exe
Resource: win7-en-20210920
Malware Config

Extracted

Family: xloader
Version: 2.3
Campaign: imm8
C2: http://www.hideserthealthinsurance.com/imm8/

Decoy domains:
ewgnkxdgtqfspem.com
patxipiruli.com
eejy.ltd
parc-pro.com
kdcindia.com
dimathi.com
majesticreinsstable.com
zhaoyun.xyz
starfroot.com
dikanwang.com
420moxielane.com
danilaschembri.com
stablecoinreviews.com
camham.co.uk
happyspaces4life.com
ivonina.com
businesszukai.com
dietkusimple.com
nomeasureu.com
youthcampresources.com
drukerlawny.com
oryet.com
galaxytangkasapk.com
sponge-bucket.com
lifebond-snax.website
skesma.com
remotepowers.com
hnjcnc.com
150s1300e.com
switch-on.education
qdrotorcomp.com
beautybymacyy.com
buddymatic.com
artbydomy.com
collectorcoin.mobi
kanchanaburiclub.com
btcelevator.net
yzyj18.com
vaginalab.com
broadcastvc.com
hauntedbog.com
zhzf.net
monitorfreak.net
datsimdep.com
impactusstudio.com
meubernoulli.com
semuadarikayu.com
truetransitcorporation.com
bobbooker.com
swauc.tech
freshknittingdesigns.com
108stitchesokc.com
dimestacker.net
mjinterests.com
invistaemstudiossp.com
hearttoheart.gifts
itawrapfashion.com
kgzzsx.com
vacationadv.com
thesagtanigroup.com
topdex.info
micachapita.com
juanrevilla-dogtraining.com
anyentechnology.com
Targets

Target: SOA.exe
Size: 580KB
MD5: a0661a2081100ffcb2a6f012237c4955
SHA1: 2331112fa3c9357aaba68c3d7402b112c705c72a
SHA256: 11f0960531aa51e1fc9e04c007c60d731d309baa35e90d9d4e9c49feff74d47d
SHA512: dd3173fd770ec1601a6b454d450ce8118c596b3e72ead12c79df5f3dd4165be9892b8273775b9da1aa6136a55898bfb31a4da2c16e15303b402c00e9b117b774

Signatures:
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Suspicious use of SetThreadContext