General
-
Target
SC221420.IMG
-
Size
1.2MB
-
Sample
220215-vtfavsaegj
-
MD5
2e39197eefddf6c8d79a4775078872d1
-
SHA1
5a96005690d656881a03dde2974d8263b15def7e
-
SHA256
cc8d7caae86931fd55dbe76f6dce9cbbfedc3a9bd329c39a63e62c4b58ec39a4
-
SHA512
1ef12c97dc6f34ad94e9cbe951617ba1b1198c0a00192c9ec997e1823e19da248e95c1af7323e451454972751260ab837e03fd506f59513521cd59fdfce1866a
Static task
static1
Behavioral task
behavioral1
Sample
SC221420.exe
Resource
win7-en-20211208
Malware Config
Extracted
xloader
2.5
ahc8
192451.com
wwwripostes.net
sirikhalsalaw.com
bitterbaybay.com
stella-scrubs.com
almanecermezcal.com
goodgood.online
translate-now.online
sincerefilm.com
quadrantforensics.com
johnfrenchart.com
plick-click.com
alnileen.com
tghi.xyz
172711.com
maymakita.com
punnyaseva.com
ukash-online.com
sho-yururi-blog.com
hebergement-solidaire.com
civicinfluencers.net
gzhf8888.com
kuleallstar.com
palisadeslodgecondos.com
holyhirschsprungs.com
azalearoseuk.com
jaggllc.com
italianrofrow.xyz
ioewur.xyz
3a5hlv.icu
kitcycle.com
estate.xyz
ankaraescortvip.xyz
richclubsite2001.xyz
kastore.website
515pleasantvalleyway.com
sittlermd.com
mytemple.group
tiny-wagen.com
sharaleesvintageflames.com
mentalesteem.com
sport-newss.online
fbve.space
lovingtruebloodindallas.com
eaglehospitality.biz
roofrepairnow.info
mcrosfts-updata.digital
cimpactinc.com
greatnotleyeast.com
lovely-tics.com
douglas-enterprise.com
dayannalima.online
ksodl.com
rainbowlampro.com
theinteriorsfurniture.com
eidmueller.email
cg020.online
gta6fuzhu.com
cinemaocity.com
hopeitivity.com
savageequipment.biz
groceriesbazaar.com
hempgotas.com
casino-pharaon-play.xyz
ralfrassendnk-login.com
Targets
-
-
Target
SC221420.EXE
-
Size
456KB
-
MD5
376f50bcc33f115ff257d0c05ac4ba1b
-
SHA1
6a81172d13f238b8ca60850870070ce8f3b20488
-
SHA256
0fcfde1ee285a35c722bfdd0b33f08771a26503d4bfc20541726456cf9351af1
-
SHA512
9bcce9e9dd2f2326f11b8a94867808404af9741e8e0dec59cf073a6eec666acfbb3eaaa26b6bb155060679937ee991048bf4ba3398bc53354c50dd9b61dae81c
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-