General
Target: 074991cefc03a7683cb3c81e83c383010f45c130fdc6dafa13469bfffaf87867
Size: 737KB
Sample: 220128-k1rx5aacep
MD5: 6ae185ce909f0b66306100824c28bad1
SHA1: 5f23a2d4b2c564c95606e537e557aa8251087746
SHA256: 074991cefc03a7683cb3c81e83c383010f45c130fdc6dafa13469bfffaf87867
SHA512: 01931c4d70f045957aa012a8912f483e11e0f069cee8fd304acc4cb7e44c838abbe1ea870d0e13ef8573967845ab2e1102d47eb76ce6b688904ceacaa8258ef7
Static task: static1
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: ahc8
C2 domain list (65 entries):
methodicalservices.com
lojahelius.com
dxadxc.com
keshaunharris.club
hockeyengolfshop.online
sherranmanning.com
instylelimos.net
plick-click.com
tntexplode.com
movement-practice.net
nftlake.digital
134171.com
newhorizonseo.com
lm-solar.com
fahrrad-markt24.com
creatologiest.com
juststartmessy.com
sady-rossii-ural.com
blockchain-salt.com
bestoflakegeorge.guide
infinitymoversllc.com
javelephant.com
promocaozeraestoque.online
p60p.com
kreditineskorteleslt.com
chronicfit.store
onzep.store
shafiqandmudasir.com
vivemanku.online
chengfengdh.xyz
bets-bc-zrkqf.xyz
cellparts10.com
guardions.com
talenue.store
graffity-aws.com
buddingwsetcg.top
erikakorma.com
playex.ltd
jamaicarailways.com
nfthunter.art
ml-pilot.com
athleteteas.com
ruthdeliverance.info
medicmir.store
procurovariedades.com
undermour01.club
sneakeryeezy.com
dallmann.info
edm69.net
micj7870.com
silviomicalikush.xyz
activa.store
adeelnawaznj.com
travispilat.com
mercyships.kiwi
amazon939.com
talenterzllc.com
sbxip.com
phasernet.net
taggalla.com
pbspoolservices.com
34gjm.xyz
nuevochile.net
busdijogja.com
fyonkaly.com
Note: XLoader, like its predecessor FormBook, embeds decoy domains in its config alongside the live C2, so the list above is a set of hunting leads rather than 65 confirmed C2 servers; a match should be confirmed against actual beacon traffic before the domain is blocked or attributed.
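As an added example, not part of the report or of any sandbox's own tooling, the following Python script turns the extracted domain list into a simple DNS-log hunting check. The domain subset and the DNS log lines are constructed for the example (the real config has 65 entries); the log format ("timestamp client qtype qname") is an assumption, so adjust the regex for your resolver's actual output. Hosts are normalised (case, trailing dot, port suffix) and matched as exact or subdomain matches only, so a look-alike such as notamazon939.com does not match amazon939.com. Because XLoader ships decoy domains with the live C2, every hit is a lead to confirm against the HTTP beacon, not proof of infection.

```python
import re

# Subset of the domains from the extracted config above (constructed list for the example).
CONFIG_DOMAINS = (
    "methodicalservices.com",
    "lojahelius.com",
    "nftlake.digital",
    "134171.com",
    "amazon939.com",
)

# Constructed DNS log lines, not taken from the report: "<ts> <client> <qtype> <qname>".
SAMPLE_DNS_LOG = """\
2022-01-28T10:01:02Z 10.0.0.5 A www.nftlake.digital.
2022-01-28T10:01:05Z 10.0.0.5 A amazon.com
2022-01-28T10:01:09Z 10.0.0.7 AAAA notamazon939.com
2022-01-28T10:02:11Z 10.0.0.7 A 134171.COM:53
2022-01-28T10:02:40Z 10.0.0.9 A updates.microsoft.com
"""

# Assumed log layout: four whitespace-separated fields per line.
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qtype>\S+)\s+(?P<qname>\S+)$")


def normalize_host(raw):
    """Lower-case the name, drop a ':port' suffix and the trailing dot of an FQDN."""
    host = raw.strip().lower()
    host = re.sub(r":\d+$", "", host)
    return host.rstrip(".")


def match_config_domain(host, domains=CONFIG_DOMAINS):
    """Return the config domain that host equals or is a subdomain of, else None.

    Requiring a leading '.' for the suffix match keeps look-alikes such as
    'notamazon939.com' from matching 'amazon939.com'.
    """
    host = normalize_host(host)
    for domain in domains:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def scan_dns_log(text, domains=CONFIG_DOMAINS):
    """Return (client, normalised qname, matched config domain) for every matching line."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        matched = match_config_domain(m["qname"], domains)
        if matched:
            hits.append((m["client"], normalize_host(m["qname"]), matched))
    return hits


if __name__ == "__main__":
    for client, qname, domain in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{client} queried {qname} (config domain {domain}); lead only, confirm with beacon traffic")
```

Run against the constructed log, the scan reports two leads (10.0.0.5 for www.nftlake.digital and 10.0.0.7 for 134171.com) and ignores amazon.com, notamazon939.com and the unrelated Microsoft lookup. To use the full config, replace CONFIG_DOMAINS with the 65 entries listed above.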
Targets
Target: 074991cefc03a7683cb3c81e83c383010f45c130fdc6dafa13469bfffaf87867
Size and hashes: as listed under General above
Signatures:
suricata: ET MALWARE FormBook CnC Checkin (GET) (alert seen twice)
Xloader Payload
Adds Run key to start application
Suspicious use of SetThreadContext