General

Target: jvDX48oGKQdeYMi.exe
Size: 383KB
Sample: 220127-l1nq5sagdj
MD5: 99b9c988d90c490263510e46d63e1eb3
SHA1: 8d805807d852e5e7746c995d3c0d7bdd6480ee9b
SHA256: e34c0a8218be6d3783e8cd61b8040b6b39004ad34e68c1cdb2f123b636e6b274
SHA512: ef837611568b5e8c2d6857a085e4bcf2f2f33a556819ade65fe1f4301c5de9c6cf3165d79c90ad9c6a9ddae431c17cb26438c6dc5684d76e4202f17ef2b33327

Static task: static1
Behavioral task: behavioral1
Sample: jvDX48oGKQdeYMi.exe
Resource: win7-en-20211208
Malware Config

Extracted: xloader
Version: 2.5
Campaign ID: wdc8
Targets

Target: jvDX48oGKQdeYMi.exe
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext