General
Target: e0f1e3b823d0cddfa31461ab72ea9406.exe
Size: 263KB
Sample: 220209-tsh5pabahn
MD5: e0f1e3b823d0cddfa31461ab72ea9406
SHA1: d13ac912867e46b4a88abc1ea35516fc95759a96
SHA256: af7abd08a5752f55f59e38b2bd9568943ada7d2b23ddc3324b735beebd8846ce
SHA512: 57b1019dbeade18f07be6ee66662f501e7b210ac74bbd0e2a78ba7e0d0c655c90409dfc6c64b31b32ceab44404279f20f7d1a621b64e651556f1d44dde6c20d0
Static task: static1
Behavioral task: behavioral1
Sample: e0f1e3b823d0cddfa31461ab72ea9406.exe
Resource: win7-en-20211208
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: o6tg
C2 domains (65 entries). XLoader, like FormBook before it, embeds a single live C2 among a list of decoy domains and beacons to all of them, so treat the whole set as indicators and do not assume any one entry is the operator's server:
turkscaicosonline.com
novelfoodtech.com
zgrmfww.com
gestionalcliente24hrs.store
postrojka.com
tapissier-uzes.com
tobytram.one
preamblegames.com
clicklinkzs.com
franksenen.com
beautygateway.net
foils-online.com
aout.us
promarkoperations.com
alignatura.com
changemylifefast.info
minbex.icu
internethustlersociety.com
chinacqn.com
fibsh.com
878971.com
diy-shisha.com
smarthomesecurity.online
orimsglow.com
platterwax.xyz
ipinksheets.com
robertatoschi.com
mieventi.com
qumuras.info
anyoneh.com
lovegasboutique.com
elimchambers.com
nanopicomedia.com
getoken.net
thechristmaslightingstore.com
progressivecapital.net
ott-leszek.com
flaneur.city
srikrishnadental.com
bantasis.com
forhims.jobs
sscmdpt.com
americanpawnaz.com
greatdayplumbing.com
skinstorecenter.com
chaoticcomicscrafts.com
farhadhossain.us
c-soi.com
http01.com
tjweifukeji.com
controldatasa.com
fitlearningphoenix.solutions
polecatroofing.com
xrxgqf.website
helmettips.com
caesarscasiono.com
dmfcommercialrealty.com
risecards.com
energycolumbus.com
slot138gacor.com
votenoahring.com
trigatefinancial.com
cuework.com
victorianalpine.com
makvik.online
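The extracted configuration above (family, version, campaign ID and C2 domain list) is most useful once it is turned into something deployable. The following Python is an added example, not code from the sandbox report or from the Triage project: it parses a constructed excerpt of this report's flattened text (same field order, five of the 65 domains), keeps only digest fields whose hex length matches their label, and emits one Suricata DNS-query rule per domain plus a hosts-style sinkhole list. The rule template, the `LOCAL` message prefix and the SID range starting at 9000000 are assumptions.

```python
"""Turn the extracted XLoader config into detection artifacts.

Added example: not code from the sandbox report or from Triage. REPORT_EXCERPT
is a constructed cut of the report's flattened text (same field order, five of
the 65 C2 domains); the Suricata rule template, the SID range and the output
formats are assumptions.
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt mirroring the report's flattened key/value layout.
REPORT_EXCERPT = """\
SHA256
af7abd08a5752f55f59e38b2bd9568943ada7d2b23ddc3324b735beebd8846ce
Malware Config
Extracted
xloader
2.5
o6tg
turkscaicosonline.com
novelfoodtech.com
zgrmfww.com
gestionalcliente24hrs.store
postrojka.com
Targets
"""

# Expected hex length for each digest label that appears in the report.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# A host name: dotted labels ending in an alphabetic TLD (covers .store, .icu, .xyz, ...).
DOMAIN_RE = re.compile(r"^(?=.{4,253}$)(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)


@dataclass
class XLoaderConfig:
    family: str
    version: str
    campaign: str
    c2_domains: list = field(default_factory=list)
    hashes: dict = field(default_factory=dict)


def parse_report(text: str) -> XLoaderConfig:
    """Recover family/version/campaign, the C2 list and any well-formed digests."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]        # drop blanks and bullet residue
    hashes = {}
    for i in range(len(lines) - 1):
        label, value = lines[i], lines[i + 1].lower()
        if label in HASH_LENGTHS and re.fullmatch(r"[0-9a-f]{%d}" % HASH_LENGTHS[label], value):
            hashes[label] = value                          # keep only digests of the right length
    start = lines.index("Extracted") + 1
    family, version, campaign = lines[start:start + 3]     # field order as shown in the report
    domains = []
    for ln in lines[start + 3:]:
        if not DOMAIN_RE.match(ln):
            break                                          # first non-domain line ends the C2 list
        if ln.lower() not in domains:
            domains.append(ln.lower())
    return XLoaderConfig(family, version, campaign, domains, hashes)


def suricata_dns_rules(cfg: XLoaderConfig, sid_base: int = 9000000) -> list:
    """One DNS-query alert per C2 domain; SIDs run sequentially from an assumed local range."""
    rules = []
    for n, dom in enumerate(cfg.c2_domains):
        rules.append(
            'alert dns $HOME_NET any -> any any (msg:"LOCAL {fam} {camp} C2 DNS query {dom}"; '
            'dns.query; content:"{dom}"; nocase; endswith; '
            'classtype:trojan-activity; sid:{sid}; rev:1;)'.format(
                fam=cfg.family, camp=cfg.campaign, dom=dom, sid=sid_base + n)
        )
    return rules


def hosts_blocklist(cfg: XLoaderConfig) -> str:
    """hosts-file style sinkhole list, one line per C2 domain."""
    return "\n".join("0.0.0.0 " + d for d in cfg.c2_domains) + "\n"


if __name__ == "__main__":
    cfg = parse_report(REPORT_EXCERPT)
    print(cfg.family, cfg.version, cfg.campaign, len(cfg.c2_domains), "domains")
    print("\n".join(suricata_dns_rules(cfg)))
    print(hosts_blocklist(cfg))
```

Feed the full report text instead of the excerpt to get rules for all 65 domains; the parser stops at the first non-domain line, which in this report is the `Targets` heading.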
Targets
Target: e0f1e3b823d0cddfa31461ab72ea9406.exe
Size: 263KB
Hashes: as listed under General (MD5, SHA1, SHA256, SHA512 identical)
suricata: ET MALWARE FormBook CnC Checkin (GET)
(XLoader is the rebranded successor of FormBook; the Emerging Threats rule name reflects the check-in format the two families share.)
Xloader Payload
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext (rewriting another process's thread context is the step that redirects execution in process hollowing and similar injection)