General
-
Target
GV8EJooYMIgEnEk.exe
-
Size
382KB
-
Sample
220128-tgt3tagccm
-
MD5
cf6d4fd3dc8e4751b7f89f857b618ef3
-
SHA1
15b95f0f1b5785bb7fd3d97757f3eea49d1f6951
-
SHA256
9689e8e0cf51b8b5c98ddb007636d8acf7e03c9cc8a7bf99aafdaaebae2dfb3a
-
SHA512
86af327caf1d55c8d3dd1e2319dcae1faaf7db82fb2fdce83999b0a4e5c6af2ce700fb0c69f568169110f04b9af6543e069aee59101370d6af060d8d4763d43f
Static task
static1
Behavioral task
behavioral1
Sample
GV8EJooYMIgEnEk.exe
Resource
win7-en-20211208
Malware Config
Extracted
xloader
2.5
cbgo
Targets
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Blocklisted process makes network request
-
Deletes itself
-
Suspicious use of SetThreadContext
-