General
Target: c7a495508b1d56372df84c2cad44b99b65db360c0c31d409fe14d91eacf9072a
Size: 884KB
Sample: 220206-1kpqtscbgk
MD5: 5e5e9d9c078d1026899ef8f4dc41ec5f
SHA1: 60298ff1a7c0a752b514e529fc75911a8d72bc59
SHA256: c7a495508b1d56372df84c2cad44b99b65db360c0c31d409fe14d91eacf9072a
SHA512: 3eb54480c0b5792a864d74c366a4911a89429ca65cd927a0607084abcd50f4ca925dbdf66232e52e77e2e3f962f0596ae421d19af3fa67fa5cc79b83b19066ff
Static task: static1
Behavioral task: behavioral1
Sample: transferir copia_03_05.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: transferir copia_03_05.exe
Resource: win10v2004-en-20220113
Malware Config
Extracted
xloader
2.3
8zdn
yourherogarden.net
onlineharambee.net
cerrajeriaurgencias24horas.com
distritoforex.com
verifyclientserverssr.com
dandwg.com
co2-zero.global
joshssl.com
meckwt.com
theammf.com
rawclectic.com
gzgnetwork.com
richmondavenuecoc.com
nicolelyte.com
thetinyclosetboutique.com
llt-group.net
seven-sky-design.com
joganifinancialgrp.com
elementsvapes.com
bingent.info
quaichshop.net
unethicalsgsblaw.com
matts.digital
lexafit.com
covidwanderings.com
pk972.com
fanashaadivine.com
winharadesigns.com
adosignite.com
goldengatesimmigration.com
unazampanelcuore.com
gasexecutive.com
sdps365.net
worthingtonminnesota.com
ducatsupply.com
beijinghui1.icu
hn-bet.com
homeforsalesteamboat.com
tiaozaoxinlingshou.net
mrbils.net
depuitycollector.com
winningovereating.com
usedonlyrvs.com
verbinoz.com
threepocketmedia.com
lizbing.com
fivestardogfoods.com
edevercal.net
irisettelment.com
beautyphernalia.com
terrawindglobalprotection.net
floridaindian.com
kidzistore.com
kulisbet117.com
logingatech.info
ftdk.net
lawwise.legal
bruthawar.com
lemonpublishing.com
6781529.com
zfxsotc.com
shroomsdrop.com
ahm-app.com
finesilversmith.com
basiclablife.com
Targets
Target: transferir copia_03_05.exe
Size: 823KB
MD5: 4f1a54809ac8e534239bade40b46bfab
SHA1: cc4ae9e1888fa1071fcccc56f8e46253bd00b99a
SHA256: 3488d309b21afbc3b481320bcf1209908813e2eb8a63df772f740426034b9958
SHA512: d13542d590ec6482f6c0bbbbf6d504f39c64fd28f8e32ebb239a33193c0afe4cd4e938ca6a966e115aeaa92e21b0581d32cf8a736e764d66b237d573e303a705
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext