General
-
Target
SNO22 PriceLetter595406_RACX-159814.exe
-
Size
373KB
-
Sample
220120-mky3lshfaq
-
MD5
7692a9ecc1b4d092387cffe6faa8d762
-
SHA1
37e70527d40c881115036ae2de66e3685d3a8f10
-
SHA256
22c8527c55a52f56653e38bf1f2dbc8ccc06ab0f0ab16879138f30037b710b0a
-
SHA512
e0c02c683d444ad442c1758113f875687df702402270dc7705b1b12c49e8c88e82b022f88f8d5a1767a43fdcf0f41a2bdbf281703b9dc97c322dd2cf68ff765a
Static task
static1
Behavioral task
behavioral1
Sample
SNO22 PriceLetter595406_RACX-159814.exe
Resource
win7-en-20211208
Malware Config
Extracted
xloader
2.5
p8ce
wishmeluck1.xyz
nawabumi.com
terra.fish
eoraipsumami.quest
awakeningyourid.com
csyein.com
tslsinteligentes.com
cataractusa.com
capitalwheelstogo.com
staffremotely.com
trashbinwasher.com
blaneyparkrendezvous.com
yolrt.com
northendtaproom.com
showgeini.com
b95206.com
almcpersonaltraining.com
lovabledoodleshome.com
woodlandstationcondos.com
nikahlive.com
sassholesentiments.com
bupis44.info
salahiheartclinic.com
loveandpersonality.com
electric-cortex.com
beijixing-zs.com
proper-sa.com
legacyfamilypartners.com
psidsamor.com
schotinderoos.com
kosma-concept.com
onitled.com
zscyyds.xyz
mannatgroups.com
radweb-demo.com
lambanghieuquangcao.info
antabatik.com
lerongclub.com
mobssvipshop.com
dr-walther.com
ibexitconsultants.com
cnyprospects.com
j9mkt64.com
archer-claims.com
lggrandinn.com
jowhp.com
outdoormz.store
cantikgroup.company
2brothersprinting.com
ginamodernart.com
koupeespen.quest
senerants.tech
designthrottle.com
emquality.com
cerulesafe.com
orascomservice.com
skinsotight.com
premiumconciergemarbella.com
cottagepor.xyz
gwayav.com
johnguidesyou.com
corporativokale.com
jskswj.com
xinico.info
gebaeudetechnik-burscheid.com
Targets
-
-
Target
SNO22 PriceLetter595406_RACX-159814.exe
-
Size
373KB
-
MD5
7692a9ecc1b4d092387cffe6faa8d762
-
SHA1
37e70527d40c881115036ae2de66e3685d3a8f10
-
SHA256
22c8527c55a52f56653e38bf1f2dbc8ccc06ab0f0ab16879138f30037b710b0a
-
SHA512
e0c02c683d444ad442c1758113f875687df702402270dc7705b1b12c49e8c88e82b022f88f8d5a1767a43fdcf0f41a2bdbf281703b9dc97c322dd2cf68ff765a
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Sets service image path in registry
-
Suspicious use of SetThreadContext
-