General
-
Target
T2812A.exe
-
Size
380KB
-
Sample
211029-n316cshhhj
-
MD5
a18f3c54efed2e42168d6748a5c04c16
-
SHA1
4aa01a7a9557d15ef251e1bd107ec821872549b1
-
SHA256
724908fa2c546fad14d2a687c9f471f75548903b2d94fb903d617570cedaef7f
-
SHA512
dcb020ff28a6d694a9c4e2eaf097413f4085f8f51663958defdbe465c1592e95a518063d2d401bae392363eacf1e4ab5a2e7993ac3f541fb8c4e4eb322ad6733
Static task
static1
Behavioral task
behavioral1
Sample
T2812A.exe
Resource
win7-en-20210920
Malware Config
Extracted
xloader
2.5
snec
http://www.go2payme.com/snec/
sacramentoscoop.com
auroraeqp.com
ontactfactory.com
abenakigroup.com
xander-tech.com
cocaineislegal.com
carbondouze.com
louisvilleestatelawyer.com
sundaytejero.quest
arti-faqs.com
thisandthat.store
biodyne-el-salvador.com
18504seheritageoakslane.com
mfialias.xyz
whitestoneclo.com
6288117.com
oficiosuy.com
autogift.xyz
wallbabyshell.com
chaletlabaie.com
yy88kk.com
thepositiveenergycompany.com
personalexpressofertachegou.com
theoldplayground.com
aireapartmentsmsp.com
layfflj.com
xn--hss-s83bwm.com
tutoeasy.com
maintrove.com
changereferral.com
peanutl.com
portolaenterprise.com
vanscn.net
2wawaw16.me
gosatya.com
velocityphase.com
aprenda-sg-sst.com
dickinsonoutfitters.com
toptelecast-toreadtoday.info
argana.store
tagachiweb.com
bokepindoviral.com
nu865ci.com
thestogiestore.com
managexxxxx.com
japanskirt.com
leilaniheritage.com
m7chi.net
afjewelryaz.com
aset.guide
hx-banjin.com
foqenoa.store
kolkataescort.xyz
worldcrgenius.biz
stockandberry.com
ash-tag.com
orchestrated.design
point4sales.com
sattaking-delhiborder06.xyz
clear-rails.com
dentalpnid.com
ezekielgroup.com
17804maritimepoint101.com
qldrfb.com
Targets
-
-
Target
T2812A.exe
-
Size
380KB
-
MD5
a18f3c54efed2e42168d6748a5c04c16
-
SHA1
4aa01a7a9557d15ef251e1bd107ec821872549b1
-
SHA256
724908fa2c546fad14d2a687c9f471f75548903b2d94fb903d617570cedaef7f
-
SHA512
dcb020ff28a6d694a9c4e2eaf097413f4085f8f51663958defdbe465c1592e95a518063d2d401bae392363eacf1e4ab5a2e7993ac3f541fb8c4e4eb322ad6733
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-