General
- Target: PAGO 07132021.7z
- Size: 338KB
- Sample: 211028-v9m1msggdm
- MD5: 8ec98179169d06df68f49bc136b2aa52
- SHA1: bfc83a5bb32f6e97e39c9ad7b6f9d95e6f17ed93
- SHA256: 77dcfbdfe92e2b51202b65a3a8edd533a2ec35a4a4553c9cb487354c086b0bb4
- SHA512: 94e065d65df1f1215a8558ffa002cc098c7297b310f8b0459386f8715a66e92f3f2b9082bde601bb1a02e990c844699501ab17817e6d7187c50c0bc6f2084b0e
- Static task: static1
- Behavioral task: behavioral1
- Sample: PAGO 07132021.exe
- Resource: win7-en-20210920
Malware Config
Extracted
- Family: xloader
- Version: 2.5
- Campaign: r3n5
- C2: http://www.keeyasmarketplace.com/r3n5/
- Decoy domains (from the extracted config):
peterjhill.com
bleednavy.com
a6d83.top
koudoula.store
albawardl.com
j-sdigitalekuns.net
0wzr2dglc.com
xd16880.com
safepostcourier.com
seuic.net
hainansousou.com
meuexamor.com
strategicthinking.coach
tabliqatbama.com
kidzplan.com
non-toxicnailpolish.com
bwgds.com
behindhereyesphotography.com
age-oldpklduy.xyz
lesconfidentialistes.paris
cornerstonepartners.online
bumidustores.com
vokalsnarbh.quest
regensburg-ferienwohnung.com
rogue-gear.com
blighttest.club
elephantspublications.online
locoboysco.com
nbl20.com
harunerdal.xyz
nailsofts.com
zhangyi.photography
farmavidacanarias.com
szqyuanzishi.com
governorslounge.net
bisoubox.com
fcjoke.com
talmkt.com
christinesyquia.com
lozanoygarcia.com
peolinkbroker.com
doskimen.art
wealth-mindset.com
covapa2.com
montclairbehavioral.com
atletofficial.com
endeavorgroupllc.net
kczu.net
beputis4.com
yshowmedia.com
steelresearchcentre.com
hpywk.com
realprestige.online
brightonpeople.com
wittig-technologies.com
sddn30.xyz
kungfupimps.com
xn--299akkrtr22f.com
lxrh.net
apexmakaluhydropower.com
mcpaintingco.com
nchh40.xyz
gwmetaverse.com
zakawsky.com
Targets
- Target: PAGO 07132021.exe
- Size: 501KB
- MD5: 8b1970c679a37504e6b2825d8189b441
- SHA1: 5aef94a80a56f141a7587c1136fa529b7b3eeebc
- SHA256: 77dffb6d88fb330bdd578583657a9741897f2c94fea5881985a72ba16071cb21
- SHA512: 8c6974dd03c7c83542e3eacabea0a35101d19c853a2af06bb2a7be4176bbf945e26b9f2528859febb3d5521a220c74eb1287545803ff4df2cc94065d83576fd5
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext