General
Target: Package Details.zip
Size: 342KB
Sample: 220119-z6sh6sdcfj
MD5: 42e6850c5886d58e8d82f3dcee402a08
SHA1: aa7b9b58f426bb037add0e4d128665c5e1518497
SHA256: 6fa123be3ada8b13e9d35cdc7d9f89e6f3bcb5737ac26c7cff9072bb4f6a8403
SHA512: c253f3f58e3936d2f7ad0bd65b258242e540a92a0fde75f0db35269fc66fe64cc79439d5524da94c845a64840babd36da6e3b6afa83099ffb1887f47e34659df
Static task: static1
Behavioral task: behavioral1
Sample: Package Details.exe
Resource: win7-en-20211208
Malware Config
Extracted: xloader 2.5 (rexd)
Targets
Target: Package Details.exe
Size: 359KB
MD5: 4019522baa665679c9064aaaaae3f5e4
SHA1: c7f7d7943a52d17d734ac36e34fcb3f1af91b625
SHA256: 9374f50165184534add26466aaab6275130e442387cae74b3c4461db85ed456a
SHA512: 1c9f6f04807d91792cfa3295c744b19762c76a1b5c8e710f3ff308ab85a9c95616257045872b2f9eef6976b0c9086cb5c72a0f7171faa050b7f92290688abb50
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext