General
Target: KONUgynwW37Tb1K.exe
Size: 398KB
Sample: 220117-w7sc1scbfj
MD5: bb040b47d2f6f564bb5fdb59ff610ced
SHA1: ff31a2d5284d43b4f2ffd27594bddf8352db3149
SHA256: 425f5003a91d1ecced29d4e5a5746806d0b7d5d4a3833c13b88677a3c27eb0de
SHA512: c91949fea00e5cdddbee1daf914b1806f2b458a3bde2842f90d0f43d4e3247b952f8780443c4cce50c4c42c07ec32b4f514c87b427eca3a323087556b2eb7721
Static task: static1
Behavioral task: behavioral1
  Sample: KONUgynwW37Tb1K.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: KONUgynwW37Tb1K.exe
  Resource: win10v2004-en-20220113
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: cbgo
Domains:
tablescaperendezvous4two.net
abktransportllc.net
roseevision.com
skategrindingwheels.com
robux-generator-free.xyz
yacusi.com
mgav35.xyz
paravocecommerce.com
venkatramanrm.com
freakyhamster.com
jenaashoponline.com
dmozlisting.com
lorrainekclark.store
handyman-prime.com
thecrashingbrains.com
ukpms.com
livingstonemines.com
papeisonline.com
chrisbakerpr.com
omnipets.store
anatox-lab.fr
missingthered.com
himalaya-nepalorganic.com
bitcoin-bot.xyz
velarusbet78.com
redesignyourpain.com
alonetogetherentertainment.com
sandywalling.com
solacegolf.com
charlottesbestroofcompany.com
stefanybeauty.com
webarate.com
experiencedlawfirms.com
lyfygthj.com
monoicstudios.com
rgamming.com
mintique.pro
totalwinerewards.com
praelatusproducts.com
daniloff.pro
qmir.digital
tatasteell.com
casatowerofficial.com
sunrisespaandbodywork.com
mgav66.xyz
bastnbt.com
fabiulaezeca.com
sunmountainautomotive.com
madgeniustalk.com
elite-hc.com
billcurdmusic.net
foxclothings.com
adtcmrac.com
buresdx.com
tothelaundry.com
bitconga.com
onlinebiyoloji.online
up-trend.store
kaarlehto.com
interview.online
grantgroupproperties.com
jpmhomes.net
yinlimine.xyz
roadtrippings.com
cottoneworld.com
Targets
Target: KONUgynwW37Tb1K.exe
Size: 398KB
MD5: bb040b47d2f6f564bb5fdb59ff610ced
SHA1: ff31a2d5284d43b4f2ffd27594bddf8352db3149
SHA256: 425f5003a91d1ecced29d4e5a5746806d0b7d5d4a3833c13b88677a3c27eb0de
SHA512: c91949fea00e5cdddbee1daf914b1806f2b458a3bde2842f90d0f43d4e3247b952f8780443c4cce50c4c42c07ec32b4f514c87b427eca3a323087556b2eb7721
Signatures:
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext