General
-
Target
48ce6fe586c630ed2f41ba2f9c926d742bf379d56d9fcf89c852f03b4d46f7e7
-
Size
1.2MB
-
Sample
220203-gxaynaddcm
-
MD5
8ca70174128d52b93920c91bb7d39ff9
-
SHA1
26b98f6341820793d64bf90fc6cc2d638a888f0e
-
SHA256
48ce6fe586c630ed2f41ba2f9c926d742bf379d56d9fcf89c852f03b4d46f7e7
-
SHA512
f425bc7d11be36b8f0351ef5b6321a64b84970f97e2acf8156c7d63f0679763b0f0cb1fa388a18a9c6043d358c53bd72f38e7ff6a7f5c02bb536c84cb2f09b88
Static task
static1
Behavioral task
behavioral1
Sample
ORDER_41.exe
Resource
win7-en-20211208
Malware Config
Extracted
xloader
2.5
uar3
sgadvocats.com
mjscannabus.com
hilldaley.com
ksdollhouse.com
hotgiftboutique.com
purebloodsmeet.com
relaunched.info
cap-glove.com
productcollection.store
fulikyy.xyz
remoteaviationjobs.com
bestcleancrystal.com
virtualorganizationpartner.com
bookgocar.com
hattuafhv.quest
makonigroup.com
officecom-myaccount.com
malgorzata-lac.com
e-learningeducators.com
hygilaur.com
kgv-lachswehr.com
salazarcomunicacion.com
robopython.com
corporateequity.online
complianceservicegroup.com
aperza-ex.com
webflowusa.com
asesoriasfinancieras.xyz
missolivesbranches.com
numiquest.com
criskconsultancy.com
gotemup.com
themaptalk.com
lakebalboahalf.com
cateringfrenchcroissant.com
paddocklakerealestate.com
lojaquerosurprezza.store
courtneywhitearmusic.com
geovannimaquinadevendas.online
pricklypairjazz.com
engagedigi.com
conduitforthespirit.com
anaheimaletrail.com
wholesalemall.store
alertsbecu.com
gestion-kayfra.com
youcanstores.com
qsuo.net
formadv.info
dihesia.xyz
carrreir.com
twenteeminuteswithtee.com
realliferenewal.com
officialprokodsukses.icu
stanfordgrouploscabos.com
maxicashpromir.xyz
zysqshjs.com
trc-clicks.com
chsclbd.com
amdproduce.net
republicoflies.com
beaux-parents.com
lucrativeapp.com
milbombas.com
alexanderplaywear.com
Targets
-
-
Target
ORDER_41.PIF
-
Size
247KB
-
MD5
cf7349316d1d05e5aeaad6223b79dad6
-
SHA1
5bdf74611a7b53d0e31667ee1a4703c94d28a727
-
SHA256
05b4da3e3aab112ef15f61ae3b033f5e304e5b2289a787c3be944c17b50a0226
-
SHA512
b8333f33986935ed031532743db7bc7491fd4028aa4b7d99e6024b60f978d1cc4cdc772a9dcd23b8395145ffad33186fe416aefc906fba84fe3ff6a18c0dd147
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Sets service image path in registry
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-