General
-
Target
Se adjunta el pedido, proforma.exe (Spanish lure filename: "The order is attached, proforma.exe")
-
Size
714KB
-
Sample
211125-s9x5haffem
-
MD5
deea7525a547ed7a9ef6c81b04478f3e
-
SHA1
b29c935913a55c9bad3979d05d97a6ebda871604
-
SHA256
413e8df7f149aa643aaa1ef70e953ab2112827b652f1cf05b6420ed6a119962d
-
SHA512
ddb161a25bdc6465ddba19c8781773006e8cbf7b8e909aae20eb4cc577b085c72d75bed40b0d4ab2363003759a344b1aad2235381ab3c10043b3e47e2ee9f139
Static task
static1
Behavioral task
behavioral1
Sample
Se adjunta el pedido, proforma.exe
Resource
win7-en-20211104
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign ID: euv4
C2 URL: http://www.rematedeldia.com/euv4/
Decoy domains (the bot beacons to these with the same URI pattern as the real C2, so a hit on any of them is an indicator but only the C2 URL receives stolen data):
anniebapartments.com
hagenbicycles.com
herbalist101.com
southerncorrosion.net
kuechenpruefer.com
tajniezdrzi.quest
segurofunerarioar.com
boardsandbeamsdecor.com
alifdanismanlik.com
pkem.top
mddc.clinic
handejqr.com
crux-at.com
awp.email
hugsforbubbs.com
cielotherepy.com
turkcuyuz.com
teamidc.com
lankasirinspa.com
68135.online
oprimanumerodos.com
launchclik.com
customapronsnow.com
thecuratedpour.com
20dzwww.com
encludemedia.com
kreativevisibility.net
mehfeels.com
oecmgroup.com
alert78.info
1207rossmoyne.com
spbutoto.com
t1uba.com
protection-onepa.com
byausorsm26-plala.xyz
bestpleasure4u.com
allmnlenem.quest
mobilpartes.com
fabio.tools
bubu3cin.com
nathanmartinez.digital
shristiprintingplaces.com
silkyflawless.com
berylgrote.top
laidbackfurniture.store
leatherman-neal.com
uschargeport.com
the-pumps.com
deepootech.com
drimev.com
seo-art.agency
jasabacklinkweb20.com
tracynicolalamond.com
dandtglaziers.com
vulacils.com
bendyourtongue.com
gulfund.com
ahmadfaizlajis.com
595531.com
metavillagehub.com
librairie-adrienne.com
77777.store
gongwenbo.com
game2plays.com
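The config dump above is only useful if it can be matched against traffic. The following is an added example, not Triage's code and not part of the sample: it parses the flat family/version/campaign/C2/decoy layout shown in this report into structured IOCs, checks that the C2 path matches the campaign ID (Xloader uses /<campaign>/ as the beacon path), and scans proxy-style log lines for contacts to the C2 or any decoy. The log format, the `?id=` query string and the log lines themselves are constructed for the demonstration; only a subset of the decoy list is embedded.

```python
"""Turn an Xloader extracted config into IOCs and match them against logs.

Added example for this report (not Triage's code, not the sample's code).
Log format and sample lines are constructed for the demonstration.
"""
import re
from urllib.parse import urlparse

# Values copied from the "Malware Config" section of this report.
# Only the first few decoy domains are embedded here; the report lists ~64.
CONFIG_TEXT = """\
xloader
2.5
euv4
http://www.rematedeldia.com/euv4/
anniebapartments.com
hagenbicycles.com
herbalist101.com
southerncorrosion.net
kuechenpruefer.com
"""


def norm_host(host):
    """Lower-case a hostname and drop a leading 'www.' so that
    www.rematedeldia.com and rematedeldia.com match each other."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def parse_config(text):
    """Parse the flat dump: family, version, campaign, C2 URL, then one
    decoy domain per line. Raises ValueError if the C2 path does not carry
    the campaign ID, which is how the two fields are expected to relate."""
    lines = [l.strip() for l in text.strip().splitlines() if l.strip()]
    if len(lines) < 4:
        raise ValueError("config dump is too short")
    family, version, campaign, c2 = lines[:4]
    c2_path = urlparse(c2).path.strip("/")
    if c2_path != campaign:
        raise ValueError(f"C2 path {c2_path!r} != campaign {campaign!r}")
    return {
        "family": family,
        "version": version,
        "campaign": campaign,
        "c2": c2,
        "c2_host": urlparse(c2).hostname,
        "decoys": lines[4:],
    }


def build_iocs(cfg):
    """Map every watched (normalised) host to its role: 'c2' or 'decoy'."""
    iocs = {norm_host(d): "decoy" for d in cfg["decoys"]}
    iocs[norm_host(cfg["c2_host"])] = "c2"  # real C2 wins on collision
    return iocs


# Constructed log format: "<timestamp> <src-ip> <METHOD> <url>"
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)")


def scan_logs(lines, iocs, campaign):
    """Return one hit dict per log line whose host is in the IOC set.
    campaign_path is True when the first path segment equals the campaign
    ID, i.e. the request looks like an Xloader beacon rather than a visit
    to a (possibly legitimate) decoy site."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        u = urlparse(m["url"])
        host = norm_host(u.hostname)
        if host not in iocs:
            continue
        first_seg = u.path.strip("/").split("/")[0] if u.path.strip("/") else ""
        hits.append({
            "ts": m["ts"],
            "src": m["src"],
            "method": m["method"],
            "host": host,
            "role": iocs[host],
            "campaign_path": first_seg == campaign,
        })
    return hits


# Constructed sample traffic (not from the sandbox run).
SAMPLE_LOGS = [
    "2021-11-25T10:01:02Z 10.0.0.15 GET http://www.rematedeldia.com/euv4/?id=abc",
    "2021-11-25T10:01:05Z 10.0.0.15 GET http://herbalist101.com/euv4/?id=abc",
    "2021-11-25T10:02:00Z 10.0.0.22 GET http://www.example.com/index.html",
    "2021-11-25T10:03:00Z 10.0.0.31 GET http://hagenbicycles.com/about/",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    for h in scan_logs(SAMPLE_LOGS, build_iocs(cfg), cfg["campaign"]):
        flag = "BEACON" if h["campaign_path"] else "host-only"
        print(f"{h['ts']} {h['src']} -> {h['host']} [{h['role']}, {flag}]")
```

Hits on a decoy without the campaign path (the `hagenbicycles.com/about/` line) are worth triaging separately: decoy domains are often real, uninvolved sites, so a host-only match is weaker evidence than a request whose path carries the campaign ID.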
Targets
-
Target
Se adjunta el pedido, proforma.exe
-
Size
714KB
-
MD5
deea7525a547ed7a9ef6c81b04478f3e
-
SHA1
b29c935913a55c9bad3979d05d97a6ebda871604
-
SHA256
413e8df7f149aa643aaa1ef70e953ab2112827b652f1cf05b6420ed6a119962d
-
SHA512
ddb161a25bdc6465ddba19c8781773006e8cbf7b8e909aae20eb4cc577b085c72d75bed40b0d4ab2363003759a344b1aad2235381ab3c10043b3e47e2ee9f139
-
suricata: ET MALWARE FormBook CnC Checkin (GET) (Xloader is the 2020 rebrand of FormBook; the ET rule name reflects that shared lineage, and this alert is what the HTTP beacon to the C2 and decoy domains above triggers)
-
Xloader Payload (family identification of the unpacked payload)
-
Adds policy Run key to start application (persistence via Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, a Run key that is easy to overlook when auditing only the standard Run keys)
-
Executes dropped EXE
-
Adds Run key to start application (persistence via Software\Microsoft\Windows\CurrentVersion\Run)
-
Suspicious use of SetThreadContext (process injection indicator: the entry point of a suspended target thread is redirected to injected code)
-