General
-
Target
98c9c20fcffa6fe99c0841a33f4a9283552b9393d958818b9b2b610d5467822e
-
Size
757KB
-
Sample
220308-warp8acgfm
-
MD5
5c4dd55a06141f850ddcedb9253ed84c
-
SHA1
cf217d41e06f4c35eb00e8ad95bbfcd419a75424
-
SHA256
98c9c20fcffa6fe99c0841a33f4a9283552b9393d958818b9b2b610d5467822e
-
SHA512
f74078346a44c1902ff2a4bb53ba3cd7dda8a957d8a7ee7033a1739c48f33df363efce6235195dbb46ef3ec4814922bfc08c53750a0300fe1085f7d4d9e33232
Static task
static1
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: p2a5
C2 domains (XLoader, like FormBook before it, embeds one live C2 in a long list of decoy domains, so most of the entries below are unrelated legitimate or parked sites; treat them as indicators to hunt on, not as confirmed attacker infrastructure):
gorillaslovebananas.com
zonaextasis.com
digitalpravin.online
memorialdoors.com
departmenteindhoven.com
vipulb.com
ruyibao365.com
ynpzz.com
matthewandjessica.com
winfrey2024.com
janetride.com
arairazur.xyz
alltheheads.com
amayawebdesigns.com
califunder.com
blacksource.xyz
farmasi.agency
ilmkibahar.com
thinkcentury.net
eskortclub.com
trc-clicks.com
negc-inc.com
knightfy.com
rentalsinkendall.com
semikron1688.com
755xy.xyz
primespot-shop.com
securetravel.group
luxehairbyjen.com
augpropertygroup.com
xinlishiqiaoqiao.xyz
naggingvmkqmn.online
pynch2.com
awarco.net
booyademy.com
244.house
574761.com
haoshanzhai.com
dubaiforlife.com
acidiccatlsd.com
amotekuntv.com
runfreeco.com
iamaka.net
599-63rdstreet.com
cakeshares.com
evengl.com
joinlever.com
cyberaised.online
genrage.com
walterjliveharder.com
northbayavs.com
spajoo.com
ypkp-com37qq.com
dautucamlam.com
installslostp.xyz
bisbenefits.solutions
espchange.com
exteches.com
utilitytrace.com
468max.com
835391.com
shoptomst.com
pingerton.online
avpxshnibd.mobi
cupboarddi.com
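The domain list above is only useful once it is turned into something a sensor can consume. The script below is an added example, not part of the report and not XLoader or sandbox tooling: it takes the 65 domains from the extracted config, validates and de-duplicates them, and emits defanged indicators, one Suricata DNS rule per domain and a Zeek intel file. The SID base 9100000, the rule message prefix, the classtype and the Zeek source tag are assumptions to adapt to your own rule set; the hostname check and the rule syntax (Suricata 6+ `dotprefix` and `endswith`) are standard.

```python
"""Turn the XLoader 2.5 / p2a5 config extracted above into detection artifacts.

Added example; only the domain list is taken from the report. Rule SIDs, the
rule message prefix and the Zeek source tag are assumptions you should adapt.
"""
import re

# The 65 domains from the extracted config above, in the order listed.
XLOADER_P2A5_DOMAINS = """
gorillaslovebananas.com zonaextasis.com digitalpravin.online memorialdoors.com
departmenteindhoven.com vipulb.com ruyibao365.com ynpzz.com matthewandjessica.com
winfrey2024.com janetride.com arairazur.xyz alltheheads.com amayawebdesigns.com
califunder.com blacksource.xyz farmasi.agency ilmkibahar.com thinkcentury.net
eskortclub.com trc-clicks.com negc-inc.com knightfy.com rentalsinkendall.com
semikron1688.com 755xy.xyz primespot-shop.com securetravel.group luxehairbyjen.com
augpropertygroup.com xinlishiqiaoqiao.xyz naggingvmkqmn.online pynch2.com awarco.net
booyademy.com 244.house 574761.com haoshanzhai.com dubaiforlife.com acidiccatlsd.com
amotekuntv.com runfreeco.com iamaka.net 599-63rdstreet.com cakeshares.com evengl.com
joinlever.com cyberaised.online genrage.com walterjliveharder.com northbayavs.com
spajoo.com ypkp-com37qq.com dautucamlam.com installslostp.xyz bisbenefits.solutions
espchange.com exteches.com utilitytrace.com 468max.com 835391.com shoptomst.com
pingerton.online avpxshnibd.mobi cupboarddi.com
""".split()

CAMPAIGN, FAMILY, VERSION = "p2a5", "xloader", "2.5"
SID_BASE = 9100000                                        # assumed local-rules SID range
MSG_PREFIX = "LOCAL MALWARE XLoader 2.5 p2a5 DNS query"   # assumed naming convention

# RFC 1123 hostname shape: labels of 1-63 alnum/hyphen chars, alphabetic TLD, <= 253 chars.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def normalise(domains):
    """Lower-case, strip trailing dots, drop invalid hostnames and duplicates, keep order."""
    seen, out = set(), []
    for d in domains:
        d = d.strip().lower().rstrip(".")
        if d and HOSTNAME_RE.match(d) and d not in seen:
            seen.add(d)
            out.append(d)
    return out


def defang(domain):
    """Replace the final dot with [.] so the indicator is not clickable in reports."""
    head, _, tld = domain.rpartition(".")
    return f"{head}[.]{tld}"


def suricata_rules(domains, sid_base=SID_BASE):
    """One rule per domain on the dns.query buffer (Suricata 6+: dotprefix + endswith).

    dotprefix prepends '.' to the queried name, so content ".example.com" with
    endswith matches example.com and any subdomain but not notexample.com.
    """
    rules = []
    for i, d in enumerate(domains):
        rules.append(
            f'alert dns $HOME_NET any -> any any (msg:"{MSG_PREFIX} {d}"; '
            f'dns.query; dotprefix; content:".{d}"; nocase; endswith; '
            f'classtype:trojan-activity; sid:{sid_base + i}; rev:1;)')
    return rules


def zeek_intel(domains, source=f"{FAMILY}-{VERSION}-{CAMPAIGN}"):
    """Zeek intel framework file: tab-separated rows under a #fields header line."""
    lines = ["#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc"]
    for d in domains:
        lines.append(f"{d}\tIntel::DOMAIN\t{source}\t{FAMILY} {VERSION} campaign {CAMPAIGN} C2/decoy")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    doms = normalise(XLOADER_P2A5_DOMAINS)
    print(f"{len(doms)} indicators, e.g. {defang(doms[0])}")
    print(suricata_rules(doms)[0])
    print(zeek_intel(doms).splitlines()[1])
```

Because most of the list is decoys, alert on these rules with a low priority and pivot on the process that issued the query rather than blocking the domains outright; a hit from an unusual process is the signal, the domain itself may be an innocent site.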
Targets
-
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
XLoader is the successor of FormBook and keeps its HTTP check-in format, so the Emerging Threats FormBook rule fires on it.
-
Looks for VirtualBox Guest Additions in registry
The Guest Additions key only exists inside a VirtualBox guest, so a lookup for it is a direct virtual-machine check.
-
Xloader Payload
-
Looks for VMWare Tools registry key
The VMware Tools key only exists inside a VMware guest, so a lookup for it is a direct virtual-machine check.
-
Checks BIOS information in registry
BIOS vendor and product strings reveal the hypervisor (VirtualBox, VMware, QEMU), so they are often read in order to detect sandboxing environments. Legitimate software reads them too, so this alone is a weak signal.
-
Maps connected drives based on registry
Enumerated disk device names carry the vendor string, so disk information is often read in order to detect sandboxing environments. Inventory and installer software reads it too, so this alone is a weak signal.
-
Suspicious use of SetThreadContext
SetThreadContext rewrites a thread's register set, including the instruction pointer; outside a debugger it is mostly seen when a suspended thread is redirected into injected code, as in process hollowing.
-
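The four registry signatures above name what the sample reads; the script below is an added example (not from the report, the sandbox or XLoader) of how that behaviour can be flagged from registry-access telemetry. The registry paths it matches are the keys such checks usually hit and are assumed here, because the report names only the behaviours; the event lines are constructed for the example in a simple key=value form that a Sysmon registry-event export or a sandbox API trace would first be normalised into.

```python
"""Flag anti-VM registry probes of the kind the sandbox signatures above report.

Added example; the event lines below are constructed, not taken from the report.
"""
import re

# Keys the four signatures usually correspond to. The report names behaviours, not
# paths; these paths are assumed from common sandbox-evasion checks, not from the page.
# "strong": the key only exists inside a guest; "weak": legitimate software reads it too.
# Patterns start at the backslash before the hive-relative path so that both Sysmon
# style (HKLM\...) and native style (\REGISTRY\MACHINE\...) paths match.
ANTI_VM_SIGNATURES = [
    ("Looks for VirtualBox Guest Additions in registry",
     re.compile(r"\\SOFTWARE\\Oracle\\VirtualBox Guest Additions", re.I), "strong"),
    ("Looks for VMWare Tools registry key",
     re.compile(r"\\SOFTWARE\\VMware, Inc\.\\VMware Tools", re.I), "strong"),
    ("Checks BIOS information in registry",
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\BIOS", re.I), "weak"),
    ("Maps connected drives based on registry",
     re.compile(r"\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\Disk\\Enum", re.I), "weak"),
]

# Constructed registry-event lines; one process probes everything, one installer
# reads BIOS data once, one process does nothing relevant, one line is malformed.
SAMPLE_EVENTS = r"""
2022-03-08T10:12:01Z pid=4124 image=C:\Users\user\AppData\Local\Temp\sample.exe op=RegOpenKey key=HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions
2022-03-08T10:12:01Z pid=4124 image=C:\Users\user\AppData\Local\Temp\sample.exe op=RegOpenKey key=HKLM\SOFTWARE\VMware, Inc.\VMware Tools
2022-03-08T10:12:02Z pid=4124 image=C:\Users\user\AppData\Local\Temp\sample.exe op=RegQueryValue key=HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
2022-03-08T10:12:02Z pid=4124 image=C:\Users\user\AppData\Local\Temp\sample.exe op=RegEnumKey key=HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum
2022-03-08T10:12:05Z pid=2210 image=C:\Windows\System32\msiexec.exe op=RegQueryValue key=HKLM\HARDWARE\DESCRIPTION\System\BIOS\BIOSVendor
2022-03-08T10:12:06Z pid=3001 image=C:\Windows\explorer.exe op=RegOpenKey key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run
this line is deliberately malformed and must be skipped, not crash the parser
""".strip().splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) image=(?P<image>\S+) op=(?P<op>\w+) key=(?P<key>.+)$")


def parse_event(line):
    """Return a dict for a well-formed line, None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["pid"] = int(ev["pid"])
    return ev


def match_signature(key):
    """Map a registry path to (signature name, weight), or None if it is not an anti-VM key."""
    for name, pattern, weight in ANTI_VM_SIGNATURES:
        if pattern.search(key):
            return name, weight
    return None


def triage(lines):
    """Group hits per process and rate them.

    A single weak read (BIOS, disk enumeration) is normal for installers and
    inventory tools, so on its own it yields "none"; two weak reads give
    "possible", and any strong read gives "probable".
    """
    procs = {}
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        p = procs.setdefault(ev["pid"], {"image": ev["image"], "hits": [], "strong": 0, "weak": 0})
        hit = match_signature(ev["key"])
        if hit is None:
            continue
        name, weight = hit
        if name not in p["hits"]:
            p["hits"].append(name)
        p[weight] += 1
    for p in procs.values():
        if p["strong"]:
            p["verdict"] = "probable"
        elif p["weak"] >= 2:
            p["verdict"] = "possible"
        else:
            p["verdict"] = "none"
    return procs


if __name__ == "__main__":
    for pid, p in triage(SAMPLE_EVENTS).items():
        print(f"{pid:>5} {p['verdict']:<8} {p['image']}")
        for h in p["hits"]:
            print(f"      - {h}")
```

The weighting is the practical point: a Guest Additions or VMware Tools key lookup is close to unambiguous, while one BIOS or disk read is routine for installers and inventory agents, so only a pattern of such reads should raise a process for review. In the constructed input the sample process scores two strong and two weak hits, msiexec.exe records the BIOS signature but stays at "none", and explorer.exe matches nothing.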