General
-
Target
07033cb09a7c7cecf465003cf625997743f5263f8285d3204c6c3eb0825a8b2c
-
Size
466KB
-
Sample
220131-z3j3macacp
-
MD5
8bf61fcddf180c45869751eca4bb0938
-
SHA1
e179bc30bee2f8a80ee1827df5c29961189703c2
-
SHA256
07033cb09a7c7cecf465003cf625997743f5263f8285d3204c6c3eb0825a8b2c
-
SHA512
91ce53efb6690cd5774847e505f0bf0242edad46c6263ed8dbfc8c0a24d0c23aa587d1203519e66471e3f56882e928dd79e1aa055031c57821e41d5fd09b239d
Static task
static1
Behavioral task
behavioral1
Sample
PO.exe
Resource
win7-en-20211208
Malware Config
Extracted
xloader
2.3
n58i
nl-cafe.com
votetedjaleta.com
britrobertsrealtor.com
globipark.com
citysucces.com
verisignwebsite-verified.com
riddlepc.com
rosecityclimbing.com
oleandrinextract.com
salmankonstruksi.com
needhamchannel.com
refreshx2z.com
youth66.com
pla-russia.com
halloweenmaskpro.com
exdysis.com
1gcz.com
lookgoodman.com
rlxagva.com
stlcityc.com
writingleagues.com
biodunandewaoluwa.com
whitepetalsboutiques.com
idirtivio.com
ministerioslodj.com
bachelors.win
floortak.co.uk
naturaldogseltzer.com
hypermediarus.online
grandrapidsvirtualboatshow.com
usabrokersgroup.net
marketlala.com
5923599.com
oldhousechicago.com
crucial.company
chickaboom.net
fashionelixirs.com
robertstevensonphotography.com
goddessruby.com
hostings.company
freeganyachtclub.com
shierxing.com
sfca01.com
ahhtcd.com
yournumberoneteam.com
w88linklogin.com
worldchampsfootball.club
arcadems.com
rutroms.club
oxfordholidaycottage.com
science-laboratory.info
wecarefamilyphysicians.com
cdaaesthetics.com
defyesthetics.com
haselwoodvwevents.com
promoterss.com
gromov-plc.com
themaximogroup.com
litlidin.com
guangheng-sh.com
cashcowlending.com
foxelpie.com
bppublicschool.com
terapiademuerdago.com
mack3sleeve.com
Targets
-
-
Target
PO.exe
-
Size
484KB
-
MD5
0650530c0192eead0466f36564026598
-
SHA1
a731bbf3310af1d83119131c0e182e4302062eef
-
SHA256
d62663072daa5bde186f1d0c406225099d7ae372d00969a57016206c099ee1b7
-
SHA512
b35bf8737584a618af06804f7ea4b2fcfaa56d0cb2fa6c22a6584a243a65f544598e24ff317749bac39148f79439e7139d0847eaf77d1589d3764e073fd66d97
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Sets service image path in registry
-
Suspicious use of SetThreadContext
-