General

Target: Package Details.exe
Size: 432KB
Sample: 220119-ctm2laegfp
MD5: 238a711fcfa7ed1c1556236e91227193
SHA1: fd5a53af42d006ba81383e4b4224d2b4807f3f01
SHA256: c08635756f84fd0564e081544cb5c5b2130d14b1a0965be3f971be131f401b70
SHA512: bda31ced6f234ff81e4957d297d29018caeed9053d5061505b84729118774885245b6fe2604dd010de3e6f81f7f39b78e2de5000d1a10d992c5b9d3974fffee3

Static task: static1
Behavioral task: behavioral1
Sample: Package Details.exe
Resource: win7-en-20211208
Malware Config (extracted)

Family: xloader
Version: 2.5
Campaign ID: rexd
C2 domains (65 entries). XLoader, like FormBook before it, pads its configuration with decoy domains around the live C2, so treat the list as one indicator set for blocking and hunting rather than attributing every host to the operator:
xn--2es77o3w1bruk.mobi
cotesaintetienne.com
newlifefoursquaremcpherson.com
solutions-consulting.biz
chsico.com
demeet.xyz
eiruhguijire.store
realestatemoda.com
amr-fire.net
99v.one
altdaita.com
showerbeast.com
nsfone.com
doanhnhanvietnam.info
xn--transfpanou-39a.com
invitiz.com
chifaebio.xyz
footprint-farm.com
onlinenurseprograms.com
tigeratlspa.com
troublewatermelon.space
juvesti.com
hunnii.one
collective4choice.com
casino-mate1.com
hairandspa-aimer-kadsume.com
pointconstructionservices.com
savagereviews.xyz
zhuangmengmeng.com
gicaredocs.com
victori-jaya.com
purifilt.net
live9words.com
x-teknoloji.com
thelocalworkers.com
nalainteriores.com
dream-mart.tech
maretta.info
empowermindbodystudios.com
creativenft.xyz
remembertheabbeygate.com
whistlergardencenter.com
jbmfg.net
tangerinecave.com
60thstreetdesserts.com
mxcpgj.com
nguoidantocvungcao.xyz
snowjamproductiosmedia.com
schencklab.com
sousouhenansheng.com
quirkysoul39.com
digitaleclipsegames.com
hayesvalleycondo409.com
ceremonydesigncompany.com
essaispsoriasisenfants-ca.com
borhanmarket.com
aerbounce.com
primebradescocadastro.com
bupis44.info
optmsg.com
khukhuanphongkham.com
bunnymoorellc.com
tminus-10.com
mytechmadesimple.com
loj-kits.xyz
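The following script is an added example and not part of the sandbox report or the XLoader analysis tooling: it turns the extracted config above (family, version, campaign ID and the 65 domains, copied verbatim from the report) into checkable indicators. It verifies a file against the report's MD5/SHA-1/SHA-256, validates and deduplicates the domain list, defangs it for sharing, shows punycode (xn--) labels in Unicode, and emits one Suricata DNS-query rule per domain. The rule format assumes Suricata 5 or later (dns.query and endswith keywords); the SID range and message prefix are arbitrary choices for illustration.

```python
import hashlib
import re

# Digests copied from the report above; the sample binary itself is not included.
REPORT_DIGESTS = {
    "md5": "238a711fcfa7ed1c1556236e91227193",
    "sha1": "fd5a53af42d006ba81383e4b4224d2b4807f3f01",
    "sha256": "c08635756f84fd0564e081544cb5c5b2130d14b1a0965be3f971be131f401b70",
}

# The extracted config from the report, whitespace-separated:
# family, version, campaign ID, then the 65 domains (decoys plus the live C2).
CONFIG_TEXT = """
xloader 2.5 rexd
xn--2es77o3w1bruk.mobi cotesaintetienne.com newlifefoursquaremcpherson.com
solutions-consulting.biz chsico.com demeet.xyz eiruhguijire.store realestatemoda.com
amr-fire.net 99v.one altdaita.com showerbeast.com nsfone.com doanhnhanvietnam.info
xn--transfpanou-39a.com invitiz.com chifaebio.xyz footprint-farm.com onlinenurseprograms.com
tigeratlspa.com troublewatermelon.space juvesti.com hunnii.one collective4choice.com
casino-mate1.com hairandspa-aimer-kadsume.com pointconstructionservices.com savagereviews.xyz
zhuangmengmeng.com gicaredocs.com victori-jaya.com purifilt.net live9words.com x-teknoloji.com
thelocalworkers.com nalainteriores.com dream-mart.tech maretta.info empowermindbodystudios.com
creativenft.xyz remembertheabbeygate.com whistlergardencenter.com jbmfg.net tangerinecave.com
60thstreetdesserts.com mxcpgj.com nguoidantocvungcao.xyz snowjamproductiosmedia.com schencklab.com
sousouhenansheng.com quirkysoul39.com digitaleclipsegames.com hayesvalleycondo409.com
ceremonydesigncompany.com essaispsoriasisenfants-ca.com borhanmarket.com aerbounce.com
primebradescocadastro.com bupis44.info optmsg.com khukhuanphongkham.com bunnymoorellc.com
tminus-10.com mytechmadesimple.com loj-kits.xyz
"""

# Conservative hostname syntax: lowercase LDH labels, alphabetic TLD.
_DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def parse_config(text):
    """Split an extracted config into fields, dropping malformed or duplicate domains."""
    tokens = text.split()
    if len(tokens) < 4:
        raise ValueError("config needs family, version, campaign and at least one domain")
    family, version, campaign = tokens[:3]
    domains, seen = [], set()
    for tok in tokens[3:]:
        d = tok.lower().rstrip(".")
        if _DOMAIN_RE.match(d) and d not in seen:
            seen.add(d)
            domains.append(d)
    return {"family": family, "version": version, "campaign": campaign, "domains": domains}


def file_digests(data):
    """MD5/SHA-1/SHA-256 of a byte string, hex-encoded like the report."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_report(data, report=REPORT_DIGESTS):
    """True only if every digest present in the report matches the data."""
    got = file_digests(data)
    return all(got[k] == v.lower() for k, v in report.items())


def defang(domain):
    """Defang for tickets and chat so the indicator is not clickable."""
    return domain.replace(".", "[.]")


def to_unicode(domain):
    """Render punycode (xn--) labels as Unicode; keep the original if decoding fails."""
    try:
        return domain.encode("ascii").decode("idna")
    except (UnicodeError, ValueError):
        return domain


def suricata_dns_rules(domains, sid_start, msg_prefix="XLoader config domain"):
    """One DNS-query rule per domain. Suricata 5+ syntax (dns.query, endswith); SIDs are illustrative."""
    rules = []
    for i, d in enumerate(domains):
        rules.append(
            'alert dns $HOME_NET any -> any any (msg:"%s %s"; dns.query; '
            'content:"%s"; nocase; endswith; classtype:trojan-activity; sid:%d; rev:1;)'
            % (msg_prefix, d, d, sid_start + i)
        )
    return rules


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print("%s v%s campaign=%s, %d domains" % (cfg["family"], cfg["version"], cfg["campaign"], len(cfg["domains"])))
    for d in cfg["domains"][:3]:
        print(defang(d), "(%s)" % to_unicode(d))
    print(suricata_dns_rules(cfg["domains"][:1], sid_start=9000001)[0])
```

Run it with the sample on disk by passing `open(path, "rb").read()` to `matches_report`; a True result confirms you are looking at the same binary the report describes before you rely on its indicators. Because the config mixes decoys with the live C2, the generated rules are best deployed as a set with a shared message prefix so that a hit on any of them is triaged as "XLoader config domain" rather than as 65 unrelated alerts.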
Targets

Target: Package Details.exe (432KB; MD5/SHA1/SHA256/SHA512 as listed under General)

Signatures:
suricata: ET MALWARE FormBook CnC Checkin (GET). XLoader is the rebranded successor of FormBook and keeps its HTTP check-in format, which is why the FormBook ET rule fires on this sample.
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext. SetThreadContext redirects the execution of a thread in a suspended process, the step that characterises process hollowing and similar injection techniques.