General
-
Target
7IaVcfn93gmybib.exe
-
Size
501KB
-
Sample
220208-s1xglshgbq
-
MD5
dff6c60684ba9f0c0eaafcfa6fbd2dcb
-
SHA1
74b835eb13019d63404258776791cab16db4ccfd
-
SHA256
b88f9f5f1944a3f2d0f7586fcdb3b3262bfb979e3fbc3364b306067cc6d5f38e
-
SHA512
531d8bc89f8f4db05b49a845407f52b00371834ec37f13d49abb861f066e9b87fe4d80ac565e12abfc09b43c8d822a139e0ecdd321ee2f116e9e25f5407d6ae0
Static task
static1
Behavioral task
behavioral1
Sample
7IaVcfn93gmybib.exe
Resource
win7-en-20211208
Malware Config
Extracted
xloader
2.5
cbgo
tablescaperendezvous4two.net
abktransportllc.net
roseevision.com
skategrindingwheels.com
robux-generator-free.xyz
yacusi.com
mgav35.xyz
paravocecommerce.com
venkatramanrm.com
freakyhamster.com
jenaashoponline.com
dmozlisting.com
lorrainekclark.store
handyman-prime.com
thecrashingbrains.com
ukpms.com
livingstonemines.com
papeisonline.com
chrisbakerpr.com
omnipets.store
anatox-lab.fr
missingthered.com
himalaya-nepalorganic.com
bitcoin-bot.xyz
velarusbet78.com
redesignyourpain.com
alonetogetherentertainment.com
sandywalling.com
solacegolf.com
charlottesbestroofcompany.com
stefanybeauty.com
webarate.com
experiencedlawfirms.com
lyfygthj.com
monoicstudios.com
rgamming.com
mintique.pro
totalwinerewards.com
praelatusproducts.com
daniloff.pro
qmir.digital
tatasteell.com
casatowerofficial.com
sunrisespaandbodywork.com
mgav66.xyz
bastnbt.com
fabiulaezeca.com
sunmountainautomotive.com
madgeniustalk.com
elite-hc.com
billcurdmusic.net
foxclothings.com
adtcmrac.com
buresdx.com
tothelaundry.com
bitconga.com
onlinebiyoloji.online
up-trend.store
kaarlehto.com
interview.online
grantgroupproperties.com
jpmhomes.net
yinlimine.xyz
roadtrippings.com
cottoneworld.com
Targets
-
-
Target
7IaVcfn93gmybib.exe
-
Size
501KB
-
MD5
dff6c60684ba9f0c0eaafcfa6fbd2dcb
-
SHA1
74b835eb13019d63404258776791cab16db4ccfd
-
SHA256
b88f9f5f1944a3f2d0f7586fcdb3b3262bfb979e3fbc3364b306067cc6d5f38e
-
SHA512
531d8bc89f8f4db05b49a845407f52b00371834ec37f13d49abb861f066e9b87fe4d80ac565e12abfc09b43c8d822a139e0ecdd321ee2f116e9e25f5407d6ae0
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-