General
Target: d6ff1bf3d769e567a0e41f7651a56c07.exe
Size: 293KB
Sample: 220214-h4dhsshhbn
MD5: d6ff1bf3d769e567a0e41f7651a56c07
SHA1: 291bcef2a4335eaac400271209d0c0e99486b64c
SHA256: 4d854fee4f2e2a7b2afb2c13b28207f5388b095d0f7f053b90e03cf5873904e9
SHA512: aeaf170b6771653c13140aace7c4803ecdeee1dab95c2986f1893f63aaddab84ae7255095cb55b0c86c857684c90b5e5f8c764ec7e69dc3a7c6f9340cbc080e6
Static task: static1
Behavioral task: behavioral1
Sample: d6ff1bf3d769e567a0e41f7651a56c07.exe
Resource: win7-en-20211208
Malware Config
Extracted
xloader
2.5
o6tg
Targets
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext