General
Target: 7791cb00900b2cedf11970c8f42064656b58c61721b9c230fc0ab15af40479d1 (the sample is named by its SHA256)
Size: 337KB
Sample: 220224-j43ncsdfdk
MD5: 922b85fda90aeb6b6b23aa0d1847794f
SHA1: a414b5d924f7ee2bf1de38cdd04fdbe62a04c411
SHA256: 7791cb00900b2cedf11970c8f42064656b58c61721b9c230fc0ab15af40479d1
SHA512: d8da6261b44dceb5f0aad76aad0a473170eda6b4b79c8a0f4fcd486e18e50bf913a903bf475ec736e0da4497b9b2922e7c7782cb8e0a3bb6fa3fa1a0ab120f59
Static task: static1
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign ID: p2a5
Domains (65 entries; an Xloader/Formbook config hides the real C2 among decoy domains and the sample beacons to the decoys as well, so a single matched domain shows that the sample ran, not which domain is the C2):
gorillaslovebananas.com
zonaextasis.com
digitalpravin.online
memorialdoors.com
departmenteindhoven.com
vipulb.com
ruyibao365.com
ynpzz.com
matthewandjessica.com
winfrey2024.com
janetride.com
arairazur.xyz
alltheheads.com
amayawebdesigns.com
califunder.com
blacksource.xyz
farmasi.agency
ilmkibahar.com
thinkcentury.net
eskortclub.com
trc-clicks.com
negc-inc.com
knightfy.com
rentalsinkendall.com
semikron1688.com
755xy.xyz
primespot-shop.com
securetravel.group
luxehairbyjen.com
augpropertygroup.com
xinlishiqiaoqiao.xyz
naggingvmkqmn.online
pynch2.com
awarco.net
booyademy.com
244.house
574761.com
haoshanzhai.com
dubaiforlife.com
acidiccatlsd.com
amotekuntv.com
runfreeco.com
iamaka.net
599-63rdstreet.com
cakeshares.com
evengl.com
joinlever.com
cyberaised.online
genrage.com
walterjliveharder.com
northbayavs.com
spajoo.com
ypkp-com37qq.com
dautucamlam.com
installslostp.xyz
bisbenefits.solutions
espchange.com
exteches.com
utilitytrace.com
468max.com
835391.com
shoptomst.com
pingerton.online
avpxshnibd.mobi
cupboarddi.com
Targets
Target: 7791cb00900b2cedf11970c8f42064656b58c61721b9c230fc0ab15af40479d1 (the same 337KB file as under General; MD5, SHA1, SHA256 and SHA512 as listed there)
Signatures:
suricata: ET MALWARE FormBook CnC Checkin (GET) (Xloader is the rebranded successor of Formbook, so the ET Formbook check-in rule matches its beacon)
Xloader Payload
Adds policy Run key to start application (persistence through a Run value under the Windows Policies\Explorer registry key)
Executes dropped EXE
Suspicious use of SetThreadContext (typical of process hollowing / code injection into another process)
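Added example, not taken from the sandbox report or from Xloader itself: a Python script that turns the hashes under General and the 65 extracted config domains into two practical checks, confirming that a local copy is this exact sample, and scanning log lines for any config domain (folding subdomains such as www.spajoo.com onto their config entry). The log lines, the source IP, the timestamp format and the function names are constructed for the example; because the config mixes decoys with the real C2, the output reports "config domain" rather than "C2".

```python
"""Added example, not part of the sandbox report: IOC checks built from the
report's hashes and the extracted Xloader config domain list."""
import hashlib
import re
from pathlib import Path
from typing import Iterable, Optional

# Hashes exactly as listed under General above.
REPORT_HASHES = {
    "md5": "922b85fda90aeb6b6b23aa0d1847794f",
    "sha1": "a414b5d924f7ee2bf1de38cdd04fdbe62a04c411",
    "sha256": "7791cb00900b2cedf11970c8f42064656b58c61721b9c230fc0ab15af40479d1",
    "sha512": "d8da6261b44dceb5f0aad76aad0a473170eda6b4b79c8a0f4fcd486e18e50bf9"
              "13a903bf475ec736e0da4497b9b2922e7c7782cb8e0a3bb6fa3fa1a0ab120f59",
}

# All 65 domains from the extracted config. Xloader/Formbook keeps the real C2
# among decoys and beacons to the decoys too, so a hit means "this host ran the
# sample", not "this domain is the C2".
CONFIG_DOMAINS = frozenset("""
gorillaslovebananas.com zonaextasis.com digitalpravin.online memorialdoors.com
departmenteindhoven.com vipulb.com ruyibao365.com ynpzz.com matthewandjessica.com
winfrey2024.com janetride.com arairazur.xyz alltheheads.com amayawebdesigns.com
califunder.com blacksource.xyz farmasi.agency ilmkibahar.com thinkcentury.net
eskortclub.com trc-clicks.com negc-inc.com knightfy.com rentalsinkendall.com
semikron1688.com 755xy.xyz primespot-shop.com securetravel.group luxehairbyjen.com
augpropertygroup.com xinlishiqiaoqiao.xyz naggingvmkqmn.online pynch2.com
awarco.net booyademy.com 244.house 574761.com haoshanzhai.com dubaiforlife.com
acidiccatlsd.com amotekuntv.com runfreeco.com iamaka.net 599-63rdstreet.com
cakeshares.com evengl.com joinlever.com cyberaised.online genrage.com
walterjliveharder.com northbayavs.com spajoo.com ypkp-com37qq.com dautucamlam.com
installslostp.xyz bisbenefits.solutions espchange.com exteches.com utilitytrace.com
468max.com 835391.com shoptomst.com pingerton.online avpxshnibd.mobi cupboarddi.com
""".split())


def _new_digests() -> dict:
    return {name: hashlib.new(name) for name in REPORT_HASHES}


def hashes_of_bytes(data: bytes) -> dict:
    """All four digests of an in-memory buffer."""
    digests = _new_digests()
    for d in digests.values():
        d.update(data)
    return {name: d.hexdigest() for name, d in digests.items()}


def file_hashes(path: Path) -> dict:
    """All four digests of a file, read once in 1 MiB chunks."""
    digests = _new_digests()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def matches_report(hashes: dict) -> bool:
    """True only when every digest agrees with the report (case-insensitive)."""
    return all(hashes.get(k, "").lower() == v for k, v in REPORT_HASHES.items())


def config_domain_for(host: str) -> Optional[str]:
    """Return the config domain that `host` equals or is a subdomain of, else None.
    'www.spajoo.com' -> 'spajoo.com'; 'notspajoo.com' -> None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in CONFIG_DOMAINS:
            return candidate
    return None


# Anything that looks like a dotted hostname; IPs also match but never resolve
# to a config domain, so they fall through harmlessly.
HOST_RE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b", re.IGNORECASE)


def scan_log(lines: Iterable[str]) -> list:
    """Return (line_no, host, config_domain) for every config-domain hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        for host in HOST_RE.findall(line):
            dom = config_domain_for(host)
            if dom:
                hits.append((n, host.lower(), dom))
    return hits


# Constructed proxy/DNS lines for the demo; not sandbox output.
SAMPLE_LOG = [
    "2022-02-24T10:31:05Z proxy src=10.0.0.12 GET http://www.gorillaslovebananas.com/ 200",
    "2022-02-24T10:31:06Z dns src=10.0.0.12 query=spajoo.com type=A",
    "2022-02-24T10:31:07Z dns src=10.0.0.12 query=notspajoo.com type=A",
    "2022-02-24T10:31:09Z proxy src=10.0.0.12 GET http://update.example.com/ 200",
]

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # optional: verify a local copy of the sample
        print("hashes match report:", matches_report(file_hashes(Path(sys.argv[1]))))
    for n, host, dom in scan_log(SAMPLE_LOG):
        print(f"line {n}: {host} -> config domain {dom}")
```

Run with a path argument to confirm a quarantined file is this sample before trusting the report's findings for it. A single config-domain hit is weak on its own because most entries are decoys; several different config domains from one source within a short window is the beacon pattern worth escalating.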