General
Target: 583475.exe
Size: 1.0MB
Sample: 211027-rsz24ahbdr
MD5: 721356bfa1f8c23d40f6b2ff77b55db0
SHA1: c4d25b17c64716f2e7558bd302cd901bd63757d8
SHA256: e876c1db90717ff0819f4fc578adace61decdad64963836ebc9ae983dc87a5d6
SHA512: a424419a3083ddf2e29eea8a058a3002bc0d1cd3cbb20b6db698c90f715aa1ea1d55bc3933aaa5b7bf17d04ecd80227b1acdb7cff02c4d1177f6909766dfb8c1
Static task: static1
Behavioral task: behavioral1
Sample: 583475.exe
Resource: win7-en-20210920
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: uat8
C2: http://www.eeeptou.xyz/uat8/
Decoy domains:
suddennnnnnnnnnnn47.xyz
fggj99.com
ojosnegroshacienda.com
tinyhollywood.com
marketersmeetup.com
anushreehomemadeproducts.online
appsdeals14.com
ocean-breath-retreat.com
subin-party.com
offroad.wiki
coryfairbanks.com
algurgpaint.net
k1snks.com
florakitchens.com
tollywoodbold.com
kzkidz.com
bequestporfze.xyz
tiplovellc.com
city-ad.com
strombolidefilm.com
789trangchu.xyz
transfer-news.pro
wtv864.com
seospiders.xyz
bargaingreat.com
clarysvillemotel.online
fbiicrc.com
pf-hi.com
perverseonline.com
hugevari.com
dilekcaglar.online
authorakkingsley.com
cloudlessinc.com
newjourneypro.com
vacuumcoolingsouthamerica.com
oursalesguide.com
shopsoulandstone.com
circularsmartcity.com
segwayw.com
tackle.tools
tech-franchisee.com
ff4c2m3vc.xyz
nlug.net
artofadhd.zone
xfqmwk.xyz
ossname.xyz
copost.net
kokosiborsel.quest
abbastanza.info
eyehealthtnpasumo4.xyz
mashburnblog.com
looped.agency
atlasgsllc.com
nimbleiter.com
nzaz2.xyz
varundeshpande.com
foodbevtech.com
cassandrajasmine.net
taxunite.com
hannahhirsh.com
stonebay.pizza
xh-kd.com
tealdazzleshop.com
wkpnmqfb.com
Targets
Target: 583475.exe
Size: 1.0MB
MD5: 721356bfa1f8c23d40f6b2ff77b55db0
SHA1: c4d25b17c64716f2e7558bd302cd901bd63757d8
SHA256: e876c1db90717ff0819f4fc578adace61decdad64963836ebc9ae983dc87a5d6
SHA512: a424419a3083ddf2e29eea8a058a3002bc0d1cd3cbb20b6db698c90f715aa1ea1d55bc3933aaa5b7bf17d04ecd80227b1acdb7cff02c4d1177f6909766dfb8c1
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of SetThreadContext