General
Target: 8b74ea45562754413df652ff7754a4c4ac90782f298a1d4066c9801d799a1138
Size: 1.2MB
Sample: 220205-g14edahafr
MD5: de27b85bfa13e39026b81344b1e4dfb7
SHA1: 7cfd963249cef91259f666b461c12fe4e6faab34
SHA256: 8b74ea45562754413df652ff7754a4c4ac90782f298a1d4066c9801d799a1138
SHA512: 2f79ca82193a52b7c5967738419e2f56d9b036a1a268fadd2f419c0e9e09b223771a8c1b47d601a5d58d7e18e8002a9ea7d772ddd28e36b0ed8751e186a7b729
Static task: static1
Behavioral task: behavioral1
Sample: DOC40218.exe
Resource: win7-en-20211208
Malware Config
Extracted
xloader
2.5
ahc8
Targets
Target: DOC40218.EXE
Size: 409KB
MD5: f0d6685e51ab75d3585212478055cb22
SHA1: 11cc87018e7dd4620e7b824012f40cac0a1f367d
SHA256: caaa240601d0e42acb112b2c61f1f71cb12348f77259c8c98cece75735dfc1e0
SHA512: 3b19cae94fd6baa2c18069b01e3386db1f13ab848fcce0f9673b246b5f5fb5bad414c27b835bf6f478937fc8afa23d77b7beea4f299badb9434f585792b168a5
Signatures:
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Executes dropped EXE
- Sets service image path in registry
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext