General
Target: PO#202110223.exe
Size: 358KB
Sample: 211028-qz8gdagdfr
MD5: 83b2d40ea6befc3d84aa4a074b44d883
SHA1: 92705faddead19db804e2c4d919f661afe0c3453
SHA256: 6440e29b946df58c3cbd6ecdfb42ae88bb42d19b892bce094abf6834019c051f
SHA512: d018645af02a775f001ecf84ce06f0fe51f8df4c40902b5c1e570fa43bbb50ee9af86a86cc872f8f37a5860eb0729552435a8b862a4c3f17d85954b6c6c3d864
Static task: static1
Behavioral task: behavioral1
Sample: PO#202110223.exe
Resource: win7-en-20211014
Malware Config
Extracted: xloader
Version: 2.5
Campaign: op08
C2: http://www.jjmpestman.com/op08/
Targets
Target: PO#202110223.exe
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext