General
-
Target
DH146890Y.exe
-
Size
256KB
-
Sample
211029-nqzf1ahheq
-
MD5
acaef58b0bb5cb7965052d41570b5686
-
SHA1
1668c7470fe1c5d9330f66267d987b0e08b0f8ad
-
SHA256
4c382fc031bb1ca0e9e075fe60ec6ce335050799c3ebff9fea3bd1531f2aceae
-
SHA512
cf843e25a0c707bc0070913b2b240fb5818de2daefd1c76798b3538fbefb9da0b08bdbf58764c463385eb4876556b85c83b73643098bbffd32ac6b95bd8f4da6
Static task
static1
Behavioral task
behavioral1
Sample
DH146890Y.exe
Resource
win7-en-20210920
Malware Config
Extracted
xloader
2.5
u5eh
http://www.retonamoss.com/u5eh/
tryafaq.com
bobcathntshop.com
oglead.com
026skz.xyz
brasbux.com
adna17.com
noveltyrofjiy.xyz
realestatecompanys.com
leman-web.com
df5686.com
jonathonhawkins.com
juliedominyfloralartistry.com
classyeventsco.com
aquaticatt.com
iotworld.xyz
hoc8.com
disposablediapers.store
peregovorim.online
advancebits.club
getaburialplan.com
tiger-trails.com
dnbaba.com
492981.com
eclipse-electrical-euless.com
cassandracchase.com
healthrightmeds.club
permkray.club
tawazoun-dz.com
extrabladet.com
offmanage.com
peoplexplants.com
mumkungiyim.com
personal-email-office-mgt.com
bjmysa.com
hopshomes.com
cnj-power.com
trendproduct.tech
chauffeuredaustralia.online
176ssjp0033.xyz
52juns.com
rewriringcanada.com
seabourneboats.com
sevensummittrek.com
retalent.agency
lz4ios.cloud
mindandbodyalignment.com
bedrijfmail-trk.com
bashmoney.net
xc3654.com
infiteltech.com
sh-hywz.com
huataiqche.com
grannyh.com
devinwithani.com
kingstons.info
fakedocshyundaigiveaway.com
bigsyncmusic.info
predstavnuk.com
frontiervalley8.com
timdpr.com
smartgymadmin.com
brsgeniusschool.com
tuckertractorworks.com
espchange.com
Targets
-
-
Target
DH146890Y.exe
-
Size
256KB
-
MD5
acaef58b0bb5cb7965052d41570b5686
-
SHA1
1668c7470fe1c5d9330f66267d987b0e08b0f8ad
-
SHA256
4c382fc031bb1ca0e9e075fe60ec6ce335050799c3ebff9fea3bd1531f2aceae
-
SHA512
cf843e25a0c707bc0070913b2b240fb5818de2daefd1c76798b3538fbefb9da0b08bdbf58764c463385eb4876556b85c83b73643098bbffd32ac6b95bd8f4da6
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-