General
Target: D2110-095.exe
Size: 612KB
Sample: 211028-rg2rjsgeaq
MD5: aa7b942191a7af2aedc1fcc8b7c7dc49
SHA1: bec76f18b177444f29b833d7339107bae35f6b86
SHA256: a47adcf646665dd6da56ff2530ecb1d48c0b50d49156e0d40ecbcfe14f250b88
SHA512: b6937a8d2a554cac28014dfd1b0f87a1c9d38d76b5d224033b018ad532a344086803034958ffbf449f73a7dbea88322bbd821c99473af85374e93a80e3592120
Static task: static1
Behavioral task: behavioral1
Sample: D2110-095.exe
Resource: win7-en-20211014
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: fg6s
C2: http://www.leadgenteambyec2.online/fg6s/
Decoy domains (the config bundles these alongside the live C2; many are legitimate sites):
fairshakeforfarmers.com
pierpontlaw.com
expertnomad.com
ishhs.xyz
quotextaiwan.com
thaivisapro.com
madrassat-al-manahil.com
whf5.xyz
dutchpetfelt.com
wizard-nt.store
edfneu.com
zf0.net
hbxft.com
hugevari.com
websitefast.online
maisoncb.com
lghl56.com
donajisf.com
alexandertaylorforhiggins.com
evaz2.xyz
tuosangnb.com
eddupdate-secure.com
engelskapiste.com
fleetizer.com
sapphireutil.com
alo360.net
viperhosting.net
capitandelamarina.com
santogin.com
talentoscomplementarios.com
justeatpay.com
drfarhad-amini.com
omnebrand.com
bedbugretrieverdogs.biz
forhims.jobs
artsyangela.art
guzzolawfirm.com
lavishbynovell.com
fuqoguiders.xyz
spaceameseu.xyz
texorse.website
lyric.group
wettybucket.com
jshntn.com
vamp4883.com
f2dr5e4eaf.xyz
makeposturebetterapp.xyz
clashgame.com
punyh.com
bookbqconspicuous.com
berkshirebrewers.com
hz7y6hsti7uj.biz
myadpwisely.com
destination-denver.com
phoenixphantoms.com
mrdanvillesafelocksmith.com
valleyelitecleaning.com
astairazur.xyz
decentralstream.com
doctorfly.mobi
3dpropertyinspection.com
eislamiceducation.net
aliensandzombieswarontitan.com
invalidmob.com
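The extracted config above is directly usable for hunting, but with a caveat: Xloader/Formbook configs ship one live C2 URL plus a long list of decoy domains, and many decoys are ordinary registered sites, so a bare match on a decoy domain in proxy logs is weak evidence. The campaign path shared by check-ins (here `/fg6s/`) is the discriminating element. The script below is an added example, not part of this sandbox report; it embeds the report's C2 URL and a subset of the decoy list, parses constructed squid-style access log lines, and grades each hit so that decoy-only matches are not escalated on their own. The log format, the sample lines and the severity scheme are assumptions for illustration.

```python
"""Grade proxy-log hits against the Xloader config extracted in this report.

Assumption (added example, not the report's own code): the config lists one
live C2 URL and a set of decoy domains; the campaign path "/fg6s/" is what a
real check-in shares across hosts, while a decoy domain alone may be benign.
"""
import re
from urllib.parse import urlsplit

# Values copied from the Malware Config section of this report.
C2_URL = "http://www.leadgenteambyec2.online/fg6s/"
CAMPAIGN = "fg6s"
DECOYS = {
    "fairshakeforfarmers.com", "pierpontlaw.com", "expertnomad.com", "ishhs.xyz",
    "quotextaiwan.com", "thaivisapro.com", "zf0.net", "hugevari.com",
    "justeatpay.com", "forhims.jobs", "clashgame.com", "invalidmob.com",
}  # subset of the decoy list above; extend with the full list when deploying

C2_HOST = urlsplit(C2_URL).hostname


def _registrable(host):
    """Crude eTLD+1 (last two labels); adequate for the TLDs in this config."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def classify(url):
    """Return (severity, reason) for one requested URL, or None if no match.

    high   - extracted C2 host with the campaign path
    medium - campaign path on any config-listed host (decoys are beaconed too)
    low    - config-listed decoy domain without the campaign path (may be benign)
    """
    u = urlsplit(url)
    host = (u.hostname or "").lower()
    path = u.path or "/"
    on_campaign_path = path.startswith(f"/{CAMPAIGN}/")
    known_host = host == C2_HOST or _registrable(host) in DECOYS
    if host == C2_HOST and on_campaign_path:
        return ("high", "check-in to extracted C2 URL")
    if known_host and on_campaign_path:
        return ("medium", "campaign path on config-listed host")
    if known_host:
        return ("low", "config-listed decoy domain, no campaign path")
    return None


# Assumed access-log layout: "<epoch> <client> <method> <url>" (squid-like).
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)")


def scan_log(lines):
    """Return [(client, severity, url, reason)] for every matching request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        result = classify(m["url"])
        if result:
            hits.append((m["client"], result[0], m["url"], result[1]))
    return hits


# Constructed sample log lines (not taken from the report).
SAMPLE_LOG = [
    "1635422401 10.0.0.15 GET http://www.leadgenteambyec2.online/fg6s/?a=b",
    "1635422405 10.0.0.15 GET http://www.zf0.net/fg6s/?a=b",
    "1635422410 10.0.0.22 GET https://www.pierpontlaw.com/about",
    "1635422415 10.0.0.22 GET https://example.com/fg6s/",  # path only: no match
]

if __name__ == "__main__":
    for client, sev, url, why in scan_log(SAMPLE_LOG):
        print(f"{sev:6} {client:12} {url}  ({why})")
```

The last sample line is deliberately unmatched: the campaign path on a host that is not in the config is left alone, since a four-character path segment is not unique enough to alert on by itself. In practice the full decoy list from the report should replace the subset, and "low" hits are best kept for correlation with the host-based indicators listed further down (self-deletion, SetThreadContext) rather than raised as alerts.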
Targets
Target: D2110-095.exe
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Blocklisted process makes network request
Deletes itself
Suspicious use of SetThreadContext