General
- Target: RQM6HLsZQYLa9qt.exe
- Size: 1.3MB
- Sample: 220328-net25sdhdm
- MD5: 2d42eded04b592b539951f61742a736a
- SHA1: d0c31bc164b18121ceb884859a9a5a5547ee437e
- SHA256: 02ad8318feb2f8ce745e2cefa321f18d19b7ad72085664371033fada68bd6b91
- SHA512: 634e5223d883e42be784a02c4882109140ef7a42a781d4142978bf7a3da40ae4c535a5dffca1e26160542338c437fe44ce8f84f8ab32b7df328ad7837517f4ff
Static task: static1
Behavioral task: behavioral1
- Sample: RQM6HLsZQYLa9qt.exe
- Resource: win7-20220310-en
Malware Config
Extracted
xloader
2.5
wdc8
Targets
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Suspicious use of SetThreadContext