General
Target: dump_2.exe
Size: 163KB
Sample: 211028-q9h98sgdhp
MD5: affd2e9e568d6d431cb872166ba00a97
SHA1: 14d2752d408c3e825cdddeb9beb84de7c3434eed
SHA256: 64a668add3d7f3bbcc0ef6acb25529c70df773d74e7e17a4a8fd8c95e81ee8bd
SHA512: e0c9fc9c14b83bbebe13441eb873b942f59c54b474c861980d37d45eb68b935b60fdc37952072fa2d927b11a0294f68050663e61656101843e6bb5eb1f479c5b
Behavioral task: behavioral1
Sample: dump_2.exe
Resource: win7-en-20211014
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: c8te
C2: http://www.art-space.xyz/c8te/
Targets
Target: dump_2.exe
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Suspicious use of SetThreadContext