General
Target: 746c34e640e375df7f39ff7ffb87f87d612e54f535800aaef17a454c12d7c0cd
Size: 1.2MB
Sample: 220130-amgj5abhej
MD5: a54009d23beb4eb2309f92c5e30c4369
SHA1: 09a21bd10b8b508810162cc6c72e1b765cb471e7
SHA256: 746c34e640e375df7f39ff7ffb87f87d612e54f535800aaef17a454c12d7c0cd
SHA512: b4e7240b47aee4845c2fc739762afaac3c19cd68c7008dc0891c6344965f7885ce78a8375fd6954bf3a782b92093af0dcd279b85a860ec773700b5d6d5da5dfc
Static task: static1
Behavioral task: behavioral1
Sample: PO6312.exe
Resource: win7-en-20211208
Malware Config
Extracted
xloader
2.5
hpin
lalashealingplace.com
melaniealdridgephotography.com
ss3369.com
career-bliss.com
handelbabu.quest
larryhover.com
xyz-vr.xyz
telvicedemo.net
aaakk95.com
follow-er.com
thepiwarrior.com
dgltqd.com
dailyswee.com
tonymoney.net
earthsidesoulalchemist.com
meditatieleeuwarden.online
blancorealtor.com
xn--erhardlohmller-psb.gmbh
coachtobetter.info
singpost.agency
cryptovikings.art
abovetherootsgrower.com
steeltoilets.com
ugearup.com
catchotter.com
jamesstewartjr.com
jaysmhp.com
emotionfocusedapproaches.com
asamanagement.xyz
gillbane.com
supremepeak.net
logicalstrength.com
kuaiyicai.net
lappajarvi-info.com
babyfaceskincare86.com
luxuryhomesinpinellas.com
fitnessbymargaret.com
combatcollective.com
tremas25.com
ytfusion.com
les-ptites-pepites.com
gritnail.store
endosstore.com
deeznft.com
bits-clicks.com
reviewercasino.com
bets-bc-pvitt.xyz
mussten-viva.com
vegan-mexican.com
allsystemnow.online
mylimitlesssuccess.com
su458.com
gombc-a02.com
revuedrh.com
presidentfun.com
aragonproductions.com
iphone13.computer
codingnesia.tech
taiycwyb.com
asesoriasfinancieras.xyz
gxystgs.com
brilliantyard.com
mediationmattersgc.com
healingprotection.com
smgraphicdesign.com
Targets
Target: PO6312.EXE
Size: 286KB
MD5: 6dca73a65b62eb5f40cc45ec4085f695
SHA1: 5a478b2dd4ba1bcfaeec8cde0d5ff7f6e8bd9798
SHA256: 9fe9d14b0dfe4fd0006b432eb8acb4bbba782da6071fb4ca50676a1ebb73958f
SHA512: 9a23ab54b531436b52f870ad80241eefa843f66f18279dfdf1f263a4008b98aba2f30f37d55e497d4b2de9259217687feef5f59c0d978d969f4b7509d8d44800
suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Blocklisted process makes network request
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext