General
- Target: IMG-78293792.rar
- Size: 339KB
- Sample: 220118-gs97ysaaak
- MD5: 22cf5232c80a624f025874d13ee26acc
- SHA1: ec73ae04b6603ba5ab462f6e507dde45a6d5d3c5
- SHA256: cd6a10ed726c2145da602a3f1de512a141fdb488be039ac0cb8b9eabf45b5775
- SHA512: 663b959a4d684aa7ad1e302abbe39d5a53b58e85289d9b3223f7ac56fc65414f8532bfb86485ca1e4cafe791f25ce8b79a8a7b2b7ba961e150ab85ac11962cc8
Static task: static1
Behavioral task: behavioral1
- Sample: IMG-78293792.exe
- Resource: win7-en-20211208
Malware Config
Extracted
- Family: xloader
- Version: 2.5
- Campaign: c6si
Targets
- Target: IMG-78293792.exe
- Size: 356KB
- MD5: cb94f8bf4453d77ed35b4cccad18260c
- SHA1: aeacb009addb2152c05a34537f565e66b32b25d2
- SHA256: a39d6226eed5913f2f1d77991f011a386453d095689f85eb0ca14aac1d983466
- SHA512: 7fb17a554481d5ff6c28edd4ee43b9306a8e59ac9f992a2b6d243b2d88eb9daa997bbf5be962f331c6ec282b15e4e67107c233691a6b05d317957072754f4135
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext