General
-
Target
COMMANDE.exe
-
Size
300KB
-
Sample
220315-s9x5habefn
-
MD5
15ed95eaed3d1031c2e7dcc9d129e0f0
-
SHA1
98148eb8665763ed2b1dafbe2050d4b638f5078f
-
SHA256
5310b41169311c55d3dbdd3bf129510349d4eccac82ebe11ab34be1a291f2916
-
SHA512
2bbc1be0e8a703071cc6859b83db4032f92ba234bf4e41b4a221eb29191a208564995b356b24de9727e0abf669a6f79986742be0321249a8d0041abcbd39b341
Static task
static1
Behavioral task
behavioral1
Sample
COMMANDE.exe
Resource
win7-20220310-en
Behavioral task
behavioral2
Sample
COMMANDE.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
xloader
2.5
cbgo
santesha.com
britneysbeautybar.com
sh-cy17.com
jeffcarveragency.com
3117111.com
sobrehosting.net
ddm123.xyz
toxcompliance.com
auditorydesigns.com
vliftfacial.com
ielhii.com
naameliss.com
ritualchariot.com
solchange.com
quatre-vingts.design
lawnmowermashine.com
braceletsstore.net
admappy.com
tollivercoltd.com
vaidix.com
rodrigomartinsadv.com
bouncingskull.com
hamiltonhellerrealestate.com
dream-kidz.com
growupnotgrowold.com
clanginandbangin.com
cornerstone-constructions.com
mcdonalds-delivery.xyz
omnikro.com
nca-group.com
hughers3.com
move-mobius.com
shrivs.com
hoshikuzu-hegemony.com
zpwx17.online
masoncable.com
butecreditunion.com
creativefolksnetwork.xyz
lejanet.com
tacticalslings.club
bestprodutos.com
quirkysoul39.com
sdettest.com
aomendc.xyz
lorticepttoyof6.xyz
nonvaxrnpositions.com
maintainaviation.com
kubanitka.com
fractalmerch.xyz
elbowguru.com
nikiyang.com
cialisactivesupers.com
bestofrochester.info
ynov-rennes.com
saiden8164.com
ffuster.com
papierle.com
dobsonfryedentist.com
rufisquoisedetransit.com
compassionatecuddling.com
kimlady.com
mashinchand.com
semicivilization.com
milamixecommerce.com
ambassadorandceoclub.com
Targets
-
-
Target
COMMANDE.exe
-
Size
300KB
-
MD5
15ed95eaed3d1031c2e7dcc9d129e0f0
-
SHA1
98148eb8665763ed2b1dafbe2050d4b638f5078f
-
SHA256
5310b41169311c55d3dbdd3bf129510349d4eccac82ebe11ab34be1a291f2916
-
SHA512
2bbc1be0e8a703071cc6859b83db4032f92ba234bf4e41b4a221eb29191a208564995b356b24de9727e0abf669a6f79986742be0321249a8d0041abcbd39b341
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-