General
Target: 335fa8671bb1ef8659247de4bed05898512fb3a056ef6deb31849eefef8a4743
Size: 316KB
Sample: 220223-p8wnhabecj
MD5: 055bb9d26064b091388362cd9460d440
SHA1: 0edd4226c1c62dfe6c3fdeb272eade9c8773d2a8
SHA256: 335fa8671bb1ef8659247de4bed05898512fb3a056ef6deb31849eefef8a4743
SHA512: 99ee3c57e631a6a0933b1764665bffd99177ecdde915a26cfef0f85d65a493b9e1c7f7fd17c2d99fa2bb20ff29b394d02d8621a3f9e9cbe124ed37fd0ec96a81
Static task: static1
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign ID: p2a5
Configured domains (Xloader/FormBook configurations pad the live C2 with decoy domains, so treat each entry below as a configured domain rather than a confirmed C2 until observed traffic or resolution confirms which one is real):
gorillaslovebananas.com
zonaextasis.com
digitalpravin.online
memorialdoors.com
departmenteindhoven.com
vipulb.com
ruyibao365.com
ynpzz.com
matthewandjessica.com
winfrey2024.com
janetride.com
arairazur.xyz
alltheheads.com
amayawebdesigns.com
califunder.com
blacksource.xyz
farmasi.agency
ilmkibahar.com
thinkcentury.net
eskortclub.com
trc-clicks.com
negc-inc.com
knightfy.com
rentalsinkendall.com
semikron1688.com
755xy.xyz
primespot-shop.com
securetravel.group
luxehairbyjen.com
augpropertygroup.com
xinlishiqiaoqiao.xyz
naggingvmkqmn.online
pynch2.com
awarco.net
booyademy.com
244.house
574761.com
haoshanzhai.com
dubaiforlife.com
acidiccatlsd.com
amotekuntv.com
runfreeco.com
iamaka.net
599-63rdstreet.com
cakeshares.com
evengl.com
joinlever.com
cyberaised.online
genrage.com
walterjliveharder.com
northbayavs.com
spajoo.com
ypkp-com37qq.com
dautucamlam.com
installslostp.xyz
bisbenefits.solutions
espchange.com
exteches.com
utilitytrace.com
468max.com
835391.com
shoptomst.com
pingerton.online
avpxshnibd.mobi
cupboarddi.com
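The configuration block above is only useful once it is turned into indicators a defender can load. The following is an added example written for this page, not part of the sandbox report or of any vendor tool: it parses the family/version/campaign header and the domain list, rejects malformed entries, de-duplicates, and emits Suricata DNS rules plus a JSON IOC bundle. The sid range, the rule message wording, the JSON layout and the function names are this example's own choices, and only a subset of the report's domains is copied into the embedded input.

```python
"""Turn the extracted Xloader configuration above into loadable indicators.

Added example for this report; it is not part of the sandbox output or of
any vendor tool.  Rule message wording, the sid range, the JSON layout and
the function names are this example's own choices.
"""
import json
import re
from dataclasses import dataclass, field, asdict

# Configuration block in the layout the report uses (family, version,
# campaign id, then one domain per line).  Only a subset of the domains is
# copied here; the report above carries the full list.
CONFIG_TEXT = """\
xloader
2.5
p2a5
gorillaslovebananas.com
zonaextasis.com
digitalpravin.online
244.house
574761.com
avpxshnibd.mobi
cupboarddi.com
"""

# File hashes as given in the report's General section.
REPORT_HASHES = {
    "md5": "055bb9d26064b091388362cd9460d440",
    "sha1": "0edd4226c1c62dfe6c3fdeb272eade9c8773d2a8",
    "sha256": "335fa8671bb1ef8659247de4bed05898512fb3a056ef6deb31849eefef8a4743",
}

# Hostname syntax: letter/digit/hyphen labels of 1-63 chars, whole name <= 253.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}$"
)


@dataclass
class XloaderConfig:
    family: str
    version: str
    campaign: str
    domains: list[str] = field(default_factory=list)


def parse_config(text: str) -> XloaderConfig:
    """Parse the three header lines plus the domain list.  Malformed domains
    (a sign of a mis-copied or mis-decoded config) raise; duplicates are
    dropped while the config's original order is kept."""
    lines = [ln.strip().lower() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 3:
        raise ValueError("config needs family, version and campaign id lines")
    family, version, campaign, *domains = lines
    bad = [d for d in domains if not DOMAIN_RE.match(d)]
    if bad:
        raise ValueError(f"malformed domain(s) in config: {bad}")
    return XloaderConfig(family, version, campaign, list(dict.fromkeys(domains)))


def suricata_dns_rules(cfg: XloaderConfig, sid_base: int = 9000000) -> list[str]:
    """One DNS-query rule per configured domain (Suricata 5+ syntax).

    Xloader/FormBook pads the real C2 with decoys, so the msg says
    'configured domain' rather than 'C2'; the campaign id rides along in
    the msg so an analyst can pivot on it.  sid_base is an arbitrary
    local-use range chosen for this example; 'endswith' also catches
    queries for subdomains of each entry."""
    rules = []
    for i, dom in enumerate(cfg.domains):
        rules.append(
            f'alert dns any any -> any any (msg:"{cfg.family} {cfg.version} '
            f'campaign {cfg.campaign} configured domain {dom}"; '
            f'dns.query; content:"{dom}"; nocase; endswith; '
            f'classtype:trojan-activity; sid:{sid_base + i}; rev:1;)'
        )
    return rules


def ioc_bundle(cfg: XloaderConfig, hashes: dict) -> str:
    """JSON bundle of file hashes plus the parsed config, ready for a
    blocklist or threat-intel platform import."""
    return json.dumps({"config": asdict(cfg), "hashes": hashes}, indent=2)


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(ioc_bundle(cfg, REPORT_HASHES))
    print("\n".join(suricata_dns_rules(cfg)))
```

Because the list mixes decoys with the real C2, a DNS hit on any one of these domains is a strong infection indicator for the querying host but does not by itself tell you which domain the operator controls; correlate with the HTTP check-in traffic before treating a domain as the live C2.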
Targets
Target: 335fa8671bb1ef8659247de4bed05898512fb3a056ef6deb31849eefef8a4743 (the submitted file; size and hashes as listed under General)
Signatures
suricata: ET MALWARE FormBook CnC Checkin (GET) (Xloader is the renamed continuation of FormBook, so an ET rule still named FormBook matching a sample whose config is tagged xloader is expected, not a conflicting verdict)
suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz (this rule matches the cookie the AnubisNetworks sinkhole sets in its HTTP responses, so at least one configured domain resolved to a sinkhole during detonation rather than to live infrastructure; on a production host a hit still means the machine is infected)
Xloader Payload
Executes dropped EXE
Suspicious use of SetThreadContext (rewriting the context of a suspended thread in another process is the step in process hollowing that redirects execution to injected code, consistent with how this family runs its payload)