General
Target: KDUSC-PRO-MAINT-117-2021.exe
Size: 779KB
Sample: 211115-hpszyaedan
MD5: 33b907210bb4d49062f0e2747ea08c6d
SHA1: db94c37b6bbe1177db007317c0dd8ddc4c84e68b
SHA256: ec967cb2eeeb76c7acaba88e1c3eb6f5fa39cedb54b4edbb17eb0087977d21ee
SHA512: 18f0884e91c3b7d0feb024275bd5ab9bbe78cd1eb6eab333cbf4e603d45075d37b26b5256b6c5a65187299fce74c9a35c7a9f9655937569f589d731ce7a11998
Static task: static1
Behavioral task: behavioral1
Sample: KDUSC-PRO-MAINT-117-2021.exe
Resource: win7-en-20211014
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign ID: u0n0 (also appears as the path component of the C2 URL)
C2: http://www.52xjg3.xyz/u0n0/
Domains extracted from the config (the report does not mark which entries are live and which are decoys):
learnwithvr.net
minismi2.com
slimfitbottle.com
gzartisan.com
fullfamilyclub.com
adaptationstudios.com
domynt.com
aboydnfuid.com
dirtroaddesigns.net
timhortons-ca.xyz
gladiator-111.com
breakingza.com
njjbds.com
keithrgordon.com
litestore365.host
unichromegame.com
wundversorgung-tirol.com
wholistic-choice.com
shingletownrrn.com
kapikenya.com
kermmehienon.quest
harunowellness.com
avrknastyrke.quest
mpujadas.com
bonbyk.xyz
twozilla.com
abrahamguestacademy.com
canwasysce.com
cangshu76.xyz
clinicadeconsultanta.com
fazdesignmalta.com
localcommunityspace.com
subdlt.com
gothambody.net
tongtongticket.com
giadinhmarket.xyz
jessaniholdings.com
sebika.com
infinitygamesonline.net
denton4.com
ctenemuhos.quest
governerdsummerfun.com
69988.club
2pnlx3.biz
radhikamobilerajasen.online
myborntoshare.com
mdkfsdf.info
dj6688a.com
feelinthorny.com
minimart.digital
offprize.xyz
niallsinclair.com
iclouds.today
xn--80ajy8a.xn--80asehdb
marionutrishop.com
yanglaowenku.com
youngmotorist.com
unavidaparaserfeliz.com
linknhomkin.com
webwarez.net
sabrinaxmendes.com
nurix.agency
bancosabadellnow.com
totalpopsociety.com
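The report gives two things an analyst usually acts on straight away: the digests of the dropped file and the Xloader configuration (C2 URL plus a long domain list). The following is an added example, not part of the sandbox report or of any vendor tooling, that verifies a local copy of the sample against the reported digests and turns the config into a normalised indicator set. The hash values, the C2 URL and the domains are copied from the report; the reading of the URL path as the campaign identifier, the helper names, and the punycode decoding of the one IDN entry are this example's own assumptions. One caveat the report itself does not state: Xloader, like FormBook before it, pads its config with decoy domains alongside the live C2, so the list should be treated as extracted configuration rather than confirmed active infrastructure.

```python
"""Verify the sample against the report's digests and normalise the
extracted Xloader config into IOCs. Added example, not the report's code."""
import hashlib
from urllib.parse import urlparse

# Digests copied from the report's General section.
REPORTED_HASHES = {
    "md5": "33b907210bb4d49062f0e2747ea08c6d",
    "sha1": "db94c37b6bbe1177db007317c0dd8ddc4c84e68b",
    "sha256": "ec967cb2eeeb76c7acaba88e1c3eb6f5fa39cedb54b4edbb17eb0087977d21ee",
    "sha512": "18f0884e91c3b7d0feb024275bd5ab9bbe78cd1eb6eab333cbf4e603d45075d37b26b5256b6c5a65187299fce74c9a35c7a9f9655937569f589d731ce7a11998",
}
C2_URL = "http://www.52xjg3.xyz/u0n0/"
# A subset of the extracted domain list, copied from the report.
DOMAINS = [
    "learnwithvr.net",
    "minismi2.com",
    "xn--80ajy8a.xn--80asehdb",
    "bancosabadellnow.com",
]

HASH_ALGS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, as lower-case hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in HASH_ALGS}


def verify_sample(data: bytes, reported: dict) -> dict:
    """Compare each reported digest with the computed one.

    Returns {algorithm: True/False}. Comparison is case-insensitive
    because reports differ in hex case; any mismatch means the local file
    is not the file the report describes.
    """
    computed = hash_bytes(data)
    return {alg: computed[alg] == value.lower() for alg, value in reported.items()}


def parse_c2(url: str) -> dict:
    """Split the C2 URL into host and path.

    Assumption: the single path component ('u0n0' here) is the campaign
    identifier, matching how FormBook/Xloader check-in URLs are built.
    """
    parts = urlparse(url)
    return {
        "scheme": parts.scheme,
        "host": parts.hostname,
        "campaign": parts.path.strip("/"),
    }


def normalise_domain(name: str) -> dict:
    """Lower-case, drop a trailing dot, and decode punycode (xn--) labels.

    The ASCII form is what goes into DNS/proxy rules; the Unicode form is
    for the analyst reading the list. Undecodable names are kept as-is.
    """
    ascii_form = name.strip().rstrip(".").lower()
    try:
        unicode_form = ascii_form.encode("ascii").decode("idna")
    except UnicodeError:
        unicode_form = ascii_form
    return {
        "ascii": ascii_form,
        "unicode": unicode_form,
        "is_idn": unicode_form != ascii_form,
    }


def build_iocs(c2_url: str, domains: list) -> dict:
    """Collect the C2 host and every config domain, de-duplicated and sorted.

    Xloader/FormBook configs mix the live C2 with decoy domains and the
    report does not say which is which, so this is 'extracted config',
    not a list of confirmed live infrastructure.
    """
    c2 = parse_c2(c2_url)
    seen = {}
    for name in [c2["host"], *domains]:
        entry = normalise_domain(name)
        seen[entry["ascii"]] = entry
    return {"c2": c2, "domains": [seen[key] for key in sorted(seen)]}


if __name__ == "__main__":
    import sys

    iocs = build_iocs(C2_URL, DOMAINS)
    print(f"C2 host: {iocs['c2']['host']}  campaign: {iocs['c2']['campaign']}")
    for entry in iocs["domains"]:
        suffix = f"  (IDN: {entry['unicode']})" if entry["is_idn"] else ""
        print(entry["ascii"] + suffix)
    if len(sys.argv) > 1:  # optional: path to a local copy of the sample
        with open(sys.argv[1], "rb") as fh:
            print(verify_sample(fh.read(), REPORTED_HASHES))
```

Run it with the path to a local copy of the sample to get a per-algorithm match table; running it without arguments just prints the normalised indicator set. The de-duplication in build_iocs is keyed on the ASCII form, so the C2 host is only listed once even if it also appears in the domain list.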
Targets
Target: KDUSC-PRO-MAINT-117-2021.exe
Size: 779KB
MD5, SHA1, SHA256, SHA512: as listed under General above
Suricata alerts
ET MALWARE FormBook CnC Checkin (GET)
Signatures
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext (thread-context manipulation of the kind used for process hollowing and code injection)