General
Target: 598247.pdf.7z
Size: 345KB
Sample: 211108-xv42qaaaam
MD5: 9a314a10b97ec9ed3953bd602720b376
SHA1: 4da343ed34c1c7e4762a9c19819dd5016b4a68fd
SHA256: f3d87a9bb0aa8398f346833ef3e9785f00b20a10839829813b52058f6038062f
SHA512: a79191182debc2b599bace2909996cf3d0fd9d18d902556923472abedacd0345d0b8f1d4834f6777d9f20d7c9be220110c68b950d17c5b12a20d5911f14ea10f
Static task: static1
Behavioral task: behavioral1
Sample: 598247.exe
Resource: win7-en-20211014
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: uat8
C2: http://www.eeeptou.xyz/uat8/
Targets
Target: 598247.exe
Size: 653KB
MD5: 427b099e2d6546e11494814d8d0126a5
SHA1: 37c5784a809b01347baf257e35ead87bd5881136
SHA256: 9fc6b8bacb3a9190b338a07a2c35412fb0da553edd81b65190fce45883911d19
SHA512: 2de164c0cbef16122209cefbe7a63c74ff1054f1a443336a9fcd70599aada4ef8829e12e1b7759e5cdf5088c8309d472de6dd2c30310aa234d7d33a513ad2c6d
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of SetThreadContext