General
- Target: deac43fe9aefbcd9c0cc9366f8e7bb3d.exe
- Size: 878KB
- Sample: 211028-ta4cxagfbn
- MD5: deac43fe9aefbcd9c0cc9366f8e7bb3d
- SHA1: a3bfeef6b874d17f200d2a252e7c5105085998ac
- SHA256: c5cc26741a66e28959229d6bfe5631990e7404561731ac4def76f0fb70a43475
- SHA512: 27d83316b1a66edf17ef7f885e2c04af52584cddf0e01e13b7c71c3448d814566f3549ea983be676057f731dd021109e287b04352b5c5734e5496a41d2c84e42
- Static task: static1
- Behavioral task: behavioral1
- Sample: deac43fe9aefbcd9c0cc9366f8e7bb3d.exe
- Resource: win7-en-20211014
Malware Config
Extracted
xloader
2.5
upi8
http://www.dfwbcs.com/upi8/
Targets
- Target: deac43fe9aefbcd9c0cc9366f8e7bb3d.exe
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of SetThreadContext