General
Target: PO_#10292132.exe
Size: 377KB
Sample: 211029-jeyywahehj
MD5: 026df37a937471af093a3e8bc8636b7b
SHA1: 57d0b25b3dd1d648c710c3ff5e44041d39d0cafc
SHA256: 28b77890ae9535db2da6bf03e7c41471d173b86fa67b907dafa38aede34fc148
SHA512: 6efdd2b07055c93e9b18d169ed5f5a9d9aca550b76874ff36c1d6dc8687942bb401916463b85e410def704cdacb8e58d4311336605976bb3426439d557c698c0
Static task: static1
Behavioral task: behavioral1
Sample: PO_#10292132.exe
Resource: win7-en-20210920
Malware Config
Extracted
xloader
2.5
op08
http://www.jjmpestman.com/op08/
Targets
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext