General
-
Target
15c6da72eb32ee1b8ea97d4320a39dff
-
Size
936KB
-
Sample
220427-j3tztsheg5
-
MD5
15c6da72eb32ee1b8ea97d4320a39dff
-
SHA1
0033e3c5bf6d98124f273a68e3b0da9d12ea56c0
-
SHA256
5a116045f9e40be64ae46a63626844ed4dcc5a921485b681ebdbd217664e1342
-
SHA512
a3c5a3560e0fc07ce5b0d30247bda41eb71ec17b2423f586735262055d9e45c3d7421b714931935eae23aba0f273ce7e686cf595d22563052a4c6bb8ac3ff990
Static task
static1
Behavioral task
behavioral1
Sample
15c6da72eb32ee1b8ea97d4320a39dff.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
15c6da72eb32ee1b8ea97d4320a39dff.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
xloader
2.5
a2c8
sethdukes.online
hustl-hk.com
alienspacebabes.com
yitongbag.com
adlichoob.com
wejust5.com
wwwsnapfinancial.com
patriotcapitalgroupllc.com
divaconnectionbuild.com
adventureventures.net
jaromer.net
closureservices.com
sdc-english.com
fleet-lab.com
gtgits.com
clinicaorion.com
deleaderainfluenceur.com
honghuamach.net
638661.com
sleepgenies.info
strtplay2day.info
ellsworthfunds.com
workthered.com
handsomered.com
6953.online
discover4two.com
yshengxiang.com
thenicnackgyrls.com
deathtohope.com
lhdtrj.com
primedispatchers.com
rojosusa.com
ekini.online
hdlypx.com
trendsplayers.xyz
inclusichecks.com
idm-convention.com
efp-advisors.com
kansaslivestockfoundation.com
2020taxpros.com
chesexamprep.com
fking.biz
vmhenterprise.com
cherrythechickenandfriends.com
unheek.com
somnoengineering.com
aaraeg.net
jbzisha.com
healthoffword.xyz
redis76.com
gigtex.com
schoolaccred.net
vadiemfg.com
tbrme.plus
icdmeister.com
sunshinecoastfashion.com
babypasal.com
kaizenswinger.com
apfllcadvisors.com
cheffumeur.com
luzider-traum.net
functionalsoft.com
toityzvolat.quest
awla-bus.com
westexeurope.com
Targets
-
-
Target
15c6da72eb32ee1b8ea97d4320a39dff
-
Size
936KB
-
MD5
15c6da72eb32ee1b8ea97d4320a39dff
-
SHA1
0033e3c5bf6d98124f273a68e3b0da9d12ea56c0
-
SHA256
5a116045f9e40be64ae46a63626844ed4dcc5a921485b681ebdbd217664e1342
-
SHA512
a3c5a3560e0fc07ce5b0d30247bda41eb71ec17b2423f586735262055d9e45c3d7421b714931935eae23aba0f273ce7e686cf595d22563052a4c6bb8ac3ff990
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
ModiLoader Second Stage
-
Xloader Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-