General
- Target: xkp0987654334567890.exe
- Size: 290KB
- Sample: 211103-reeh8sbbcm
- MD5: a2f208fe902bda1d7db8433e90277136
- SHA1: d8c386f37550d52ec05e070a34e8ea442caaed6e
- SHA256: 3385d2ea5b6acf9926ae2f0df8179bc35a0ff85f552a79c85a7f11faebb91622
- SHA512: 74876318f69bf11185dfc3c17a6aa61f86803f80b543d8170ff29e85124667a50c4c1e18741313e0864f8a55db0160c12ffbf12107418effefd969ff6fb15de7
Static task
- static1
Behavioral task
- behavioral1
  - Sample: xkp0987654334567890.exe
  - Resource: win7-en-20211014
Malware Config
Extracted
- Family: xloader
- Version: 2.5
- Campaign: iaop
- C2: http://www.georgeinnhatherleigh.com/iaop/
- Decoy domains:
  - oosakichi.com
  - group1beadles.com
  - navegadorexclusivo.digital
  - awefca.xyz
  - strakerwilliams.com
  - stone-img.com
  - radialodge.com
  - tequesquitengo.net
  - humanegardens.com
  - rubberyporqjp.xyz
  - farazkhak.com
  - gfsexpornvideos.com
  - stealth-carrier.com
  - hemtpi.xyz
  - tygcj.com
  - agileiance.com
  - ioan316.com
  - kitchendesigns.xyz
  - shannacarolphotography.com
  - oheytech88.net
  - dashiter.com
  - zijinmenhu.com
  - dmfiller.com
  - amberchee.com
  - farmaciaepspllu.com
  - help-kmcsupport.com
  - naxek.com
  - yuumgo.academy
  - baopishuizhong.com
  - appcast-64.com
  - vpm-vektra.com
  - privygym.com
  - texascyclerepair.com
  - queerstakepool.com
  - maxicashprokil.xyz
  - enchantbnuyxc.xyz
  - heyunshangcheng.info
  - blockchainsupport.company
  - consultoriathayanechlad.com
  - cigreencig.com
  - enriquelopez.net
  - ultimateexitstrategy.com
  - jesuspodcast.biz
  - wecuxs.com
  - louroblottoyof2.xyz
  - 12monthmillionairetraining.com
  - autoecoleamiens.com
  - kokko-kids.com
  - uniquecarbonbrush.com
  - fardaruilen.quest
  - generalcontractortheodoreal.com
  - kare-furniture.com
  - odnglobal.com
  - rihaltravels.com
  - jdlpcpa.com
  - websupportoutlook.com
  - sonyagivensrealty.com
  - johnmcnamaraimages.net
  - fa7777.xyz
  - northvisiondigital.com
  - docteurhouyengah.com
  - contactcenter7.email
  - lebenohnefleisch.com
  - sign-egypt.com
Targets
- Target: xkp0987654334567890.exe
  - Size: 290KB
  - MD5: a2f208fe902bda1d7db8433e90277136
  - SHA1: d8c386f37550d52ec05e070a34e8ea442caaed6e
  - SHA256: 3385d2ea5b6acf9926ae2f0df8179bc35a0ff85f552a79c85a7f11faebb91622
  - SHA512: 74876318f69bf11185dfc3c17a6aa61f86803f80b543d8170ff29e85124667a50c4c1e18741313e0864f8a55db0160c12ffbf12107418effefd969ff6fb15de7
  - Signatures:
    - suricata: ET MALWARE FormBook CnC Checkin (GET)
    - suricata: ET MALWARE FormBook CnC Checkin (GET)
    - Xloader Payload
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of SetThreadContext