General
Target: affaec3e32d0244aaf424180de568e23d03da3eb6c43dcb0b82b4e5185731abc
Size: 418KB
Sample: 220221-mlfyesfecj
MD5: 9a4da2f3284b0179325ab5c1aab91db7
SHA1: 5c227f6a98ba91dd4f697c6481fb2c7edc554e5c
SHA256: affaec3e32d0244aaf424180de568e23d03da3eb6c43dcb0b82b4e5185731abc
SHA512: 0af714f93dbfa178df16698ab03796a8e86e98e86f4c3e0b296a0b023f05290a31d9d6339fe6f78df3d2c09a86a0281d87974c30cf26dd70ddc8cf9f44f0cd89
Static task: static1
Behavioral task: behavioral1
Sample: Carta de pago.exe
Resource: win7-en-20211208
Malware Config
Extracted
xloader
2.3
kio8
Targets
Target: Carta de pago.exe
Size: 357KB
MD5: 03206cea63667d5f8e8861f554720473
SHA1: 43bcabbfaffce6dfb7c5ec763f11ea85d8876dad
SHA256: c15f6faab41ea44719d795995c15024db0719fa5c9a731110587ec4e1e041fc2
SHA512: 7552aae69b210e543f27d707952738df7f349daf99450e53b0a39729ea7bea5e31d34b9dc6b876ef2964f759f488a83a052a913125fb6b6f50767f994277e933
Signatures
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext