General
-
Target
4tWrWVF8FkB9IrJ.exe
-
Size
414KB
-
Sample
220127-rx1jesecep
-
MD5
edcc11c57c2fb4d186e43c373e26767e
-
SHA1
9213cc1be29f552bb97312cba2d7976a682c77bb
-
SHA256
72417f2e53964171cecc3819ad3033955ef54b7eb0d7cb542fe089d4f19c5f5d
-
SHA512
efafe40f26016e6e7853b94f43431b29ce75cf14c92feba4f15cadcd9fd18080d0b770e0dbbff992616d0842c6d5d6c661151cc6776fae3cb6d2d49cb6e6476e
Static task
static1
Behavioral task
behavioral1
Sample
4tWrWVF8FkB9IrJ.exe
Resource
win7-en-20211208
Malware Config
Extracted
xloader
2.5
cbgo
tablescaperendezvous4two.net
abktransportllc.net
roseevision.com
skategrindingwheels.com
robux-generator-free.xyz
yacusi.com
mgav35.xyz
paravocecommerce.com
venkatramanrm.com
freakyhamster.com
jenaashoponline.com
dmozlisting.com
lorrainekclark.store
handyman-prime.com
thecrashingbrains.com
ukpms.com
livingstonemines.com
papeisonline.com
chrisbakerpr.com
omnipets.store
anatox-lab.fr
missingthered.com
himalaya-nepalorganic.com
bitcoin-bot.xyz
velarusbet78.com
redesignyourpain.com
alonetogetherentertainment.com
sandywalling.com
solacegolf.com
charlottesbestroofcompany.com
stefanybeauty.com
webarate.com
experiencedlawfirms.com
lyfygthj.com
monoicstudios.com
rgamming.com
mintique.pro
totalwinerewards.com
praelatusproducts.com
daniloff.pro
qmir.digital
tatasteell.com
casatowerofficial.com
sunrisespaandbodywork.com
mgav66.xyz
bastnbt.com
fabiulaezeca.com
sunmountainautomotive.com
madgeniustalk.com
elite-hc.com
billcurdmusic.net
foxclothings.com
adtcmrac.com
buresdx.com
tothelaundry.com
bitconga.com
onlinebiyoloji.online
up-trend.store
kaarlehto.com
interview.online
grantgroupproperties.com
jpmhomes.net
yinlimine.xyz
roadtrippings.com
cottoneworld.com
Targets
-
-
Target
4tWrWVF8FkB9IrJ.exe
-
Size
414KB
-
MD5
edcc11c57c2fb4d186e43c373e26767e
-
SHA1
9213cc1be29f552bb97312cba2d7976a682c77bb
-
SHA256
72417f2e53964171cecc3819ad3033955ef54b7eb0d7cb542fe089d4f19c5f5d
-
SHA512
efafe40f26016e6e7853b94f43431b29ce75cf14c92feba4f15cadcd9fd18080d0b770e0dbbff992616d0842c6d5d6c661151cc6776fae3cb6d2d49cb6e6476e
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-