General
Target: loader4.exe.bin
Size: 267KB
Sample: 220216-c5jtbaceaq
MD5: a745520f45bced7375d4e918a82c0517
SHA1: 5fe7418c073c45eebbd6d12220cd63a49ea4f122
SHA256: 22099fbafc3dda95912c51aa0c313826f21e2fe84ef51453c649f66ab29c6916
SHA512: caa99e83e30c03a90e97c09f296eb2530e08da47957b4aa632909ffae9a2c929cf641496fbc9640598e1dca05f269b950b3ce8c10b198af0180684581e6dc194
Static task: static1
Behavioral task: behavioral1
Sample: loader4.exe
Resource: win7-en-20211208
Malware Config
Extracted: xloader 2.5, ndf8
Targets
Target: loader4.exe.bin
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext