General
-
Target
SCAN_112877484993940484_jpg.exe
-
Size
364KB
-
Sample
220309-g8cavshbgj
-
MD5
344bbe5e0e86adb47e54e3b87601bf2a
-
SHA1
f350ac874315f23a45605e389b3848dd70c00c46
-
SHA256
a37ef7dac182a6cea6afeb46e114c8ff98a4befa00a3ee353885a354c9d58109
-
SHA512
468b7a371b05b8489ca1d915707ebdc54625231feb8a7f4bb3aaa293811837e8c805c789799aa3a28919b5daa40dc2b4ec4eb23c8a8a957374556c954d483334
Static task
static1
Behavioral task
behavioral1
Sample
SCAN_112877484993940484_jpg.exe
Resource
win7-20220223-en
Malware Config
Extracted
xloader
2.5
ubqk
tundrat-celltherapy.com
superfinance.club
5x5week.com
687504.com
clarkdn.com
potterypklsck.xyz
4m5k.com
21t8.com
94o2ohfjg.com
bhupendratravels.com
nomadashop.com
w388bet.bet
naturalenetwork.net
tupaqu.com
osooir.com
jengly.com
cbsharjah.icu
tokowallpaperbekasi.com
baggamut.com
upoon81.com
thenewfitnessheros.com
uplearns.info
ansp3.xyz
alamocitywrap.com
queroseusucesso.com
stoneandreesteam.com
sdtcm.quest
bicoastalhempconnect.com
northcarolinahempcrete.com
frator.xyz
arches2.com
reyuzed.com
klamc.xyz
fesoftware.net
montecristo.network
enrolltx.com
xebervaxti.info
kioskpass.com
obio-energi.com
metamode.xyz
linyiqingzhou.com
lawajay.com
compmastrdocxc.store
artscience.xyz
graphic-touch.com
metaversetoken.digital
candgconstructiontx.com
insighttactics.net
ameripriseonnet.net
llaa12.xyz
taoluzhibo.show
biensetservicesenlimo.com
hospifancy.com
marmitafitcomamor.space
anapriscilamarketing.com
falak-online.com
gvcthailand.com
xalixiang.com
atencionespecializada24hrs.com
bravasestudio.com
chek-enterprises.com
zikdating.com
dolphincomputergsk.com
tara88.com
3cnew.com
Targets
-
-
Target
SCAN_112877484993940484_jpg.exe
-
Size
364KB
-
MD5
344bbe5e0e86adb47e54e3b87601bf2a
-
SHA1
f350ac874315f23a45605e389b3848dd70c00c46
-
SHA256
a37ef7dac182a6cea6afeb46e114c8ff98a4befa00a3ee353885a354c9d58109
-
SHA512
468b7a371b05b8489ca1d915707ebdc54625231feb8a7f4bb3aaa293811837e8c805c789799aa3a28919b5daa40dc2b4ec4eb23c8a8a957374556c954d483334
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-