General
- Target: CTM REQUEST.exe
- Size: 265KB
- Sample: 220131-b1tmaadceq
- MD5: 64477dc3ce0b183b116147707d6f6928
- SHA1: a2859ec6076ff22a0a45a20c056be9d380cb5c54
- SHA256: 01222693e4698149f19d31ac66567a9815f89509bac13d690de8a5afda2bee08
- SHA512: 9de95fb485a2dd4554a88cf78faeb5e01bd9073632322804403ab61cde027739750c28a3a036228cbb2f8a432017a0dfd09a3e4cf5dc5da2f7273437be402699
Static task: static1
Behavioral task: behavioral1
- Sample: CTM REQUEST.exe
- Resource: win7-en-20211208
Malware Config
- Extracted: xloader 2.5 3a4h, followed by the list of extracted C2 domains
Targets
- Target: CTM REQUEST.exe (size and hashes as listed under General)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext