General
-
Target
SCAN COPY OF PRODUCT SAMPLES_jpg.rar
-
Size
282KB
-
Sample
220218-hvcvxachak
-
MD5
364ae872aa31fdd61fc2f654bba06b86
-
SHA1
81772fac212436f88299ec99252502614ede1e86
-
SHA256
6682ffe9c6a9139d1ea4d9a1b9e5c78c847bf714ec48c3f0bf97e3c7f340e594
-
SHA512
b818741815105c55e024a654e9624a712b74e930bc6eca88b68f7f221d1e149fb5a1d4d85f766e6e4213850b782fe4bf4c2f1644e983c255d4a672181b711acf
Static task
static1
Behavioral task
behavioral1
Sample
SCAN COPY OF PRODUCT SAMPLES_jpg.exe
Resource
win7-en-20211208
Malware Config
Extracted
xloader
2.5
pout
leadergaterealty.com
k7bsz.info
laidjapp1.com
eastcountytaxi.com
betterlife-uae.com
materaiku.com
chanhxebinhthuan-hcm.online
06gjm.xyz
67t.xyz
here-we-meet.com
screened-articletoseetoday.info
lucykg.club
mujdobron.quest
susakhi.com
funtabse.com
unlimitedpain.com
2ed58fwec.xyz
weighttrainingexpert.com
allisonsheillax.com
yektaburgers.com
altijdstoer.info
airemspapartments.com
videomuncher.com
centerstagedrama.com
nikkou-toy.store
arequipesymerengues.com
haishandl.com
fy2zy5.com
mailheld.digital
sheepysage.com
fabricadocredito.com
siq212.com
moo-coo.com
hoomxb.net
6s2.space
rsholding.net
castellanacustomboats.online
tremblock.com
ramblingkinkster.com
teamsooners.club
onlinecasino-univ.com
dash8board.com
aichuncha.com
springhilllawn.com
zgluke.com
happynft.agency
urbanempireapparel.com
guanyiren.com
biglotteryking.com
marionkgregory.store
mujeresyaccion.com
smcusa.net
mayyon.net
vivibanca.website
15dgj.xyz
miabossjewelry.com
ideeperloshopping.cloud
healizy.com
huvao.com
huggsforbubbs.com
radiomacadam.online
firirifilms.com
knowhorses.com
chickenbeetlebooks.com
transtarintl.com
Targets
-
-
Target
SCAN COPY OF PRODUCT SAMPLES_jpg.exe
-
Size
357KB
-
MD5
b99e10d4eb07e4a986ee92bcf444a7bf
-
SHA1
470d703ad9ea51844f0577d917f7167cc032887d
-
SHA256
66fd2bc4d1ec466bcd76e50bbc959b9a794e897345e69305e11aa99d0b0d656d
-
SHA512
4914d79035dffa9ef00dc79ac756957a3cf686af41e414836ae0500ec1a9c5084cb77b1a2c1f7ff203d77b9f7897f8de3b38c1aadb36c68aa92d5900b18096b0
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-