General
Target: Enquiry Reference Number 0025559278.zip
Size: 379KB
Sample: 211108-hx815agfdr
MD5: 9654f165b29cc030d36b414d3c445734
SHA1: 40c9fd4becfaea27f112f31dbe50fd309af0c7f7
SHA256: 9afdb99019075297859112547af462379993b79cbae5f8f9076952c6f088646c
SHA512: cb79ba30f668676387638074ab9f33d618e7393e9bcf6cae403823ca033eac2f0f7f4e50fc1a7e5a31114b2195727775e936b8c8d8cf0c9d49ecfcfb967a23ac
Static task: static1
Behavioral task: behavioral1
Sample: Enquiry Reference Number 0025559278.exe
Resource: win7-en-20211104
Malware Config
Extracted
xloader
2.5
u0n0
http://www.52xjg3.xyz/u0n0/
Targets
Target: Enquiry Reference Number 0025559278.exe
Size: 744KB
MD5: cd9435966d20de265bc5f6f40daff4a3
SHA1: 76cb2ab21a6009275ba3dcbe256a15a211833f35
SHA256: 45790f1cc3cb37ecfe541981ddf9d25684d92576cceb6bdb809f345014de84f0
SHA512: 95b3749be5950d52c3124df37971a0d03f3c7dd10168df13d9d2a2e523f6c435e51866207d9263f12164d86ab9e310ad098175ef59b9f1d83c678197cb44d528
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext