General
-
Target
SOA.exe
-
Size
258KB
-
Sample
211027-crangsabcm
-
MD5
9d806c39777c5c9fda47905df48b8851
-
SHA1
01bf9dbf205e2197f67d7a5b2eaf60f20d6785a1
-
SHA256
d9cee5cc1ff9b14e0c1604dfded72f085e39b1983c41b595660a60bfaab942b9
-
SHA512
0370634be0031d3b74bfdd772353d71afbdb5bfb7b8c4cba2bf34c355b6850202fb7f69c92ec6d625e18332effdad794a249ce89e71980908f0cd4c890311460
Static task
static1
Behavioral task
behavioral1
Sample
SOA.exe
Resource
win7-en-20210920
Malware Config
Extracted
xloader
2.5
b2c0
http://www.thesewhitevvalls.com/b2c0/
bjyxszd520.xyz
hsvfingerprinting.com
elliotpioneer.com
bf396.com
chinaopedia.com
6233v.com
shopeuphoricapparel.com
loccssol.store
truefictionpictures.com
playstarexch.com
peruviancoffee.store
shobhajoshi.com
philme.net
avito-rules.com
independencehomecenters.com
atp-cayenne.com
invetorsbank.com
sasanos.com
scentfreebnb.com
catfuid.com
sunshinefamilysupport.com
madison-co-atty.net
newhousebr.com
newstodayupdate.com
kamalaanjna.com
itpronto.com
hi-loentertainment.com
sadpartyrentals.com
vertuminy.com
khomayphotocopy.club
roleconstructora.com
cottonhome.online
starsspell.com
bedrijfs-kledingshop.com
aydeyahouse.com
miaintervista.com
taolemix.com
lnagvv.space
bjmobi.com
collabkc.art
onayli.net
ecostainable.com
vi88.info
brightlifeprochoice.com
taoluzhibo.info
techgobble.com
ideemimarlikinsaat.com
andajzx.com
shineshaft.website
arroundworld.com
reyuzed.com
emilfaucets.com
lumberjackguitarloops.com
pearl-interior.com
altitudebc.com
cqjiubai.com
kutahyaescortbayanlarim.xyz
metalworkingadditives.online
unasolucioendesa.com
andrewfjohnston.com
visionmark.net
dxxlewis.com
carts-amazon.com
anadolu.academy
Targets
-
-
Target
SOA.exe
-
Size
258KB
-
MD5
9d806c39777c5c9fda47905df48b8851
-
SHA1
01bf9dbf205e2197f67d7a5b2eaf60f20d6785a1
-
SHA256
d9cee5cc1ff9b14e0c1604dfded72f085e39b1983c41b595660a60bfaab942b9
-
SHA512
0370634be0031d3b74bfdd772353d71afbdb5bfb7b8c4cba2bf34c355b6850202fb7f69c92ec6d625e18332effdad794a249ce89e71980908f0cd4c890311460
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-