General
-
Target
59994141a89bb9be2d56fb10d81b9ead22f4d171b6e1cc3d8bd406d7fe41b2b2
-
Size
507KB
-
Sample
220131-v512psadgm
-
MD5
2ac9b7aaee0cf79be88ed5703abc75ba
-
SHA1
4cbecd4bfc4b0af796269b7d08cd9f0ad8d15295
-
SHA256
59994141a89bb9be2d56fb10d81b9ead22f4d171b6e1cc3d8bd406d7fe41b2b2
-
SHA512
3c63d5cbe5c0bd78e853cc9873559067bfb7471c28ec9649f18a8323d2189e3b6e01a3dde9a1ade13ad30929b8f5982cceced870332df7b257ec2b7dc9a20f82
Static task
static1
Behavioral task
behavioral1
Sample
PAYMENT INSTRUCTIONS COPY.exe
Resource
win7-en-20211208
Malware Config
Extracted
xloader
2.3
n58i
nl-cafe.com
votetedjaleta.com
britrobertsrealtor.com
globipark.com
citysucces.com
verisignwebsite-verified.com
riddlepc.com
rosecityclimbing.com
oleandrinextract.com
salmankonstruksi.com
needhamchannel.com
refreshx2z.com
youth66.com
pla-russia.com
halloweenmaskpro.com
exdysis.com
1gcz.com
lookgoodman.com
rlxagva.com
stlcityc.com
writingleagues.com
biodunandewaoluwa.com
whitepetalsboutiques.com
idirtivio.com
ministerioslodj.com
bachelors.win
floortak.co.uk
naturaldogseltzer.com
hypermediarus.online
grandrapidsvirtualboatshow.com
usabrokersgroup.net
marketlala.com
5923599.com
oldhousechicago.com
crucial.company
chickaboom.net
fashionelixirs.com
robertstevensonphotography.com
goddessruby.com
hostings.company
freeganyachtclub.com
shierxing.com
sfca01.com
ahhtcd.com
yournumberoneteam.com
w88linklogin.com
worldchampsfootball.club
arcadems.com
rutroms.club
oxfordholidaycottage.com
science-laboratory.info
wecarefamilyphysicians.com
cdaaesthetics.com
defyesthetics.com
haselwoodvwevents.com
promoterss.com
gromov-plc.com
themaximogroup.com
litlidin.com
guangheng-sh.com
cashcowlending.com
foxelpie.com
bppublicschool.com
terapiademuerdago.com
mack3sleeve.com
Targets
-
-
Target
PAYMENT INSTRUCTIONS COPY.exe
-
Size
533KB
-
MD5
51c32b446180f49c6b6537a25a191b88
-
SHA1
5a7187ad9215b34c62f96577286e01cab0436acd
-
SHA256
65a1476fde2b2c018f8eaa5e96a77156baeb6f35bd46545db8745fa4fe0c4869
-
SHA512
e622dd78122325b22e274238c025d3dfa0577b35ed1509d5fcdc3717a55484326377bc47541ac5c050183f1ab0add718e62f050d1ff1cb305f31c403749737dd
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Sets service image path in registry
-
Suspicious use of SetThreadContext
-