General
Target: dAkPKAwtoDLxTrD.exe
Size: 836KB
Sample: 220308-q9tqzaaddr
MD5: 70546f38493221036fa4704f272ca6da
SHA1: 33994e6316abe2f24c448d916fb53c5468d0f76e
SHA256: d0fd68de07eaddfd233b49bad8c222121ee284d8f783900d22e074accbcf7c2e
SHA512: a1cd4799dcd8e7b9cc56df71388faf0749e69a832e0b2ceb16f1956659ac1d24d8f1906e34b9ee2f94f686a43e80556014bb9f01a5ba5160224a40e30e30efbe
Static task: static1
Behavioral task: behavioral1
Sample: dAkPKAwtoDLxTrD.exe
Resource: win7-20220223-en
Malware Config
Extracted
Family: xloader
Version: 2.5
b8eu
Targets
Target: dAkPKAwtoDLxTrD.exe
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Suspicious use of SetThreadContext