General
- Target: 953708e0cefbd35c124e526d9f7bd4d2
- Size: 706KB
- Sample: 220223-rgyd5abgbq
- MD5: 953708e0cefbd35c124e526d9f7bd4d2
- SHA1: 5c3437b790aaca62b048c38f53584aedb6aaa118
- SHA256: 5598831a8a17b53751f4c34112c7c4b42d4906a6e73d60018ae8d499ce605580
- SHA512: 1b21b714b95ae43200b652178a99b815ac6f95a3e411497cf21592e3ecb788fe8e813a5d55299c044a3ec6ad362e584cce132801efcc2c64cc85324636969960
- Static task: static1
- Behavioral task: behavioral1
- Sample: 953708e0cefbd35c124e526d9f7bd4d2.exe
- Resource: win7-en-20211208
Malware Config
Extracted
xloader
2.5
vfm2
Targets
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
- Xloader Payload
- Adds policy Run key to start application
- Executes dropped EXE
- Suspicious use of SetThreadContext