General
Target: triage_dropped_file
Size: 941KB
Sample: 211025-m7ex9aghfl
MD5: 538af9b3eb449aaf53eeaf6ecf3c4037
SHA1: edc27955b5d2388c7a2b792721941d2c270eac5a
SHA256: de43df6bd459b56aec0cd86e0873cc0c5b556e08547e2b9ea79082c44d9b7220
SHA512: a5eb2c410f8669bfb744158d459fe69221649d444394958774f2d91b7082c6537f798114ca51b395d7fe35db634cf41b86d6b7bb589ee17e0acd688bfea17ba3
Static task: static1
Behavioral task: behavioral1
Sample: triage_dropped_file.exe
Resource: win7-en-20210920
Malware Config
Extracted
xloader
2.5
fpdi
http://www.walletwriter.space/fpdi/
Targets
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Executes dropped EXE
- Deletes itself
- Adds Run key to start application
- Suspicious use of SetThreadContext