General
Target: PO.exe
Size: 906KB
Sample: 220308-mm98nagedq
MD5: d87832e3f675ffd9d871f455ffa55ff1
SHA1: 8d2a9daa0caf5fad0159ed2233d56bf94b8e7337
SHA256: 31f44a55873cb84506a1213469e0c884eb7f8b4dea91197bedf8a892c1404654
SHA512: 779258a90d6552c09b132b01b80418054c9a972d797d91c8e202644594a487da60653777137f6acf1ad8ad4d7e8b873bb88505338a126923f9876c9c7499adf9
Static task: static1
Behavioral task: behavioral1
Sample: PO.exe
Resource: win7-20220223-en
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: yrcy
C2:
sturlabas.com
tantrungcompany.com
wildgraceyogahealing.com
wsparalegal.com
8xhgq.xyz
mysaylav.com
amelntl.net
cooleshow.online
adventuresbydisneyathome.com
sprinklekart.com
prostitutkitambovasuck.info
pakdao.com
finsith.com
nightpartner82.xyz
sex9a4ufbj.com
ketohousee.com
mairie-les-cammazes.com
elebots.xyz
highqualityremodeling.net
teamsterslocal553.com
rws3.xyz
ngucocloisua.online
waiting-game.com
chauffeureddriven.com
makemusictemecula.com
17taol.com
big-swindle.com
surveycourses.com
my-safqati.com
gn-powerplants.com
colorgameph.com
jaysingpurchessacademy.com
onlinedon.net
sebashtiana.com
vitamincfood.com
thesportcollective.com
tradableassettokens.com
worldhealthnutrition.com
let-value.com
tanyademby.com
tollesonhouses.com
puzzleadventure.city
mindsetolimpionico.com
krakenind.com
investorsbak.com
tenloe049.xyz
gooddeals4u.online
adelphosformacao.com
cyndeiversondesigns.com
hrofmdieh.com
volucercab.com
bitcoindatai.com
gokelmining.com
magicbasketbourse.net
myblessedgeneration.com
super-trade.online
onevishnu.online
ctr-expert.com
globalitinfra.com
lickmychili.com
0xbot.net
91aaa.net
b3yg6g.com
ruleship.com
lifescreativeflow.com
Targets
Target: PO.exe (906KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures
suricata: ET MALWARE FormBook CnC Checkin (GET) (the ET rule keeps the FormBook name; XLoader is FormBook's successor and shares its check-in format, so the rule fires for both)
Xloader Payload
Suspicious use of SetThreadContext
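What to do with this report, as an added example (Python; not part of the sandbox output): verify a local copy of the sample against the four hashes listed under General, normalise the extracted C2 list, and emit one Suricata DNS rule per domain. XLoader configs mix the live C2 into a list of decoy domains, several of which here are evidently legitimate sites, so the rules are written to alert rather than drop and the list should be treated as hunt indicators, not a blind block list. The hashes and domains are copied from this page; the SID range, rule message prefix, local file path and the domain-validation regex are assumptions.

```python
"""Operationalise the IOCs from the XLoader 2.5 (campaign yrcy) report above.

Added example, not part of the sandbox output. Hashes and C2 list are taken
from the page; SID range, msg prefix, file path and regex are assumptions.
Requires Suricata 5+ for the dns.query sticky buffer and bsize keyword.
"""
import hashlib
import re

# Hashes exactly as listed in the report's General section.
REPORT_HASHES = {
    "md5": "d87832e3f675ffd9d871f455ffa55ff1",
    "sha1": "8d2a9daa0caf5fad0159ed2233d56bf94b8e7337",
    "sha256": "31f44a55873cb84506a1213469e0c884eb7f8b4dea91197bedf8a892c1404654",
    "sha512": (
        "779258a90d6552c09b132b01b80418054c9a972d797d91c8e202644594a487da"
        "60653777137f6acf1ad8ad4d7e8b873bb88505338a126923f9876c9c7499adf9"
    ),
}

# C2 list as extracted by the sandbox (65 entries, page order). XLoader hides
# its real C2 among decoys, many of them legitimate sites: hunt, don't block.
EXTRACTED_C2 = """
sturlabas.com tantrungcompany.com wildgraceyogahealing.com wsparalegal.com
8xhgq.xyz mysaylav.com amelntl.net cooleshow.online
adventuresbydisneyathome.com sprinklekart.com prostitutkitambovasuck.info
pakdao.com finsith.com nightpartner82.xyz sex9a4ufbj.com ketohousee.com
mairie-les-cammazes.com elebots.xyz highqualityremodeling.net
teamsterslocal553.com rws3.xyz ngucocloisua.online waiting-game.com
chauffeureddriven.com makemusictemecula.com 17taol.com big-swindle.com
surveycourses.com my-safqati.com gn-powerplants.com colorgameph.com
jaysingpurchessacademy.com onlinedon.net sebashtiana.com vitamincfood.com
thesportcollective.com tradableassettokens.com worldhealthnutrition.com
let-value.com tanyademby.com tollesonhouses.com puzzleadventure.city
mindsetolimpionico.com krakenind.com investorsbak.com tenloe049.xyz
gooddeals4u.online adelphosformacao.com cyndeiversondesigns.com
hrofmdieh.com volucercab.com bitcoindatai.com gokelmining.com
magicbasketbourse.net myblessedgeneration.com super-trade.online
onevishnu.online ctr-expert.com globalitinfra.com lickmychili.com
0xbot.net 91aaa.net b3yg6g.com ruleship.com lifescreativeflow.com
""".split()

# Assumed validation regex: LDH labels, alphabetic TLD, 253-char total limit.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def normalize_domains(raw):
    """Lower-case, undo common defanging ([.] and hxxp://), drop junk and duplicates."""
    seen, out = set(), []
    for d in raw:
        d = d.strip().lower().replace("[.]", ".")
        d = re.sub(r"^\w+://", "", d).rstrip("/")
        if DOMAIN_RE.match(d) and d not in seen:
            seen.add(d)
            out.append(d)
    return out


def file_hashes(data: bytes) -> dict:
    """Compute the same four digests the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> dict:
    """Per-algorithm comparison against the report; require all four to agree."""
    got = file_hashes(data)
    return {name: got[name] == REPORT_HASHES[name] for name in REPORT_HASHES}


def suricata_dns_rules(domains, sid_start=9000001,
                       msg_prefix="LOCAL XLoader yrcy C2 list"):
    """One exact-match DNS query rule per domain (bsize pins the full name).

    sid_start and msg_prefix are assumptions; pick a SID range you own.
    """
    return [
        'alert dns $HOME_NET any -> any any (msg:"%s - %s"; dns.query; '
        'content:"%s"; nocase; bsize:%d; classtype:trojan-activity; '
        "sid:%d; rev:1;)" % (msg_prefix, d, d, len(d), sid_start + i)
        for i, d in enumerate(domains)
    ]


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "PO.exe"  # assumed local copy
    with open(path, "rb") as fh:
        print(matches_report(fh.read()))
    print("\n".join(suricata_dns_rules(normalize_domains(EXTRACTED_C2))))
```

Run it as `python3 xloader_iocs.py /path/to/PO.exe`; a sample that only matches on some of the four digests is not the same file and should be re-submitted rather than assumed to be this one. The rules alert on an exact query name; if you want subdomains too, swap `bsize` for `dotprefix`/`endswith` (Suricata 6+).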