General
-
Target
VIREMENT.exe
-
Size
244KB
-
Sample
220410-spk97safdq
-
MD5
546ee858992bc35eaf00101cbb261471
-
SHA1
003d0953cd88b93206b92563779f76df890d31be
-
SHA256
264709538c4d306bfbf521a73d87b5753f38952b09f597ad405c934139a1082c
-
SHA512
1f2a8af32136206f8786daf92a7e55653a597cc762e1d8625964f8a84d3d82a12504d4b49047a149478151c83da421e238aff76535f4a180c627c42d271ebe10
Static task
static1
Behavioral task
behavioral1
Sample
VIREMENT.exe
Resource
win7-20220331-en
Malware Config
Extracted
xloader
2.5
cbgo
santesha.com
britneysbeautybar.com
sh-cy17.com
jeffcarveragency.com
3117111.com
sobrehosting.net
ddm123.xyz
toxcompliance.com
auditorydesigns.com
vliftfacial.com
ielhii.com
naameliss.com
ritualchariot.com
solchange.com
quatre-vingts.design
lawnmowermashine.com
braceletsstore.net
admappy.com
tollivercoltd.com
vaidix.com
rodrigomartinsadv.com
bouncingskull.com
hamiltonhellerrealestate.com
dream-kidz.com
growupnotgrowold.com
clanginandbangin.com
cornerstone-constructions.com
mcdonalds-delivery.xyz
omnikro.com
nca-group.com
hughers3.com
move-mobius.com
shrivs.com
hoshikuzu-hegemony.com
zpwx17.online
masoncable.com
butecreditunion.com
creativefolksnetwork.xyz
lejanet.com
tacticalslings.club
bestprodutos.com
quirkysoul39.com
sdettest.com
aomendc.xyz
lorticepttoyof6.xyz
nonvaxrnpositions.com
maintainaviation.com
kubanitka.com
fractalmerch.xyz
elbowguru.com
nikiyang.com
cialisactivesupers.com
bestofrochester.info
ynov-rennes.com
saiden8164.com
ffuster.com
papierle.com
dobsonfryedentist.com
rufisquoisedetransit.com
compassionatecuddling.com
kimlady.com
mashinchand.com
semicivilization.com
milamixecommerce.com
ambassadorandceoclub.com
Targets
-
-
Target
VIREMENT.exe
-
Size
244KB
-
MD5
546ee858992bc35eaf00101cbb261471
-
SHA1
003d0953cd88b93206b92563779f76df890d31be
-
SHA256
264709538c4d306bfbf521a73d87b5753f38952b09f597ad405c934139a1082c
-
SHA512
1f2a8af32136206f8786daf92a7e55653a597cc762e1d8625964f8a84d3d82a12504d4b49047a149478151c83da421e238aff76535f4a180c627c42d271ebe10
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-