General

Target: 0018389938.exe
Size: 971KB
Sample: 220506-e1yg1sbhfn
MD5: 3f732abe929e5441ece5c7e01b1f2b86
SHA1: f738d5bbba0c0589fed01612263aa439e828ea37
SHA256: 8cc79dccb652d3798039383ca1068e18e68f129e43cc278797b5bb45645c98ce
SHA512: 33e0d108f8d6504f98f489be9338b3b440be7bde80e6b9ea4d0683b9745a5658a0b27bc74c9acd7e74b13ee98859510556ee2a88eb6d7c2ac3a218ae6e513971

Static task: static1
Behavioral task: behavioral1
Sample: 0018389938.exe
Resource: win7-20220414-en

Malware Config

Extracted
Family: xloader
Version: 2.5
Campaign: mjup
Domains:
cyqcc.com
mynext.guru
clickbuzz.tech
testingsitewp.store
starblast.space
xn--cocola-6wa.com
kathicrafts.com
tiktokshop.cloud
akasa42.com
therosedalefw.com
fabuluxepicnicsatl.com
dtoyer.com
trungtambtx.com
uploaded.space
newgradient.com
micron365.com
driving-ukrainka.com
feretsfreshcutsproduce.com
1781tudor301.info
mecca-services.com
privacyqlxyvu.online
tomopro.net
b8ceex.com
strategybllc.com
ivikno.com
lqydzc.com
toutbesoin.com
reunionwaveclassic.com
5ifbc.com
nailwrapsturkiye.com
greengriffinmerc.com
candeliver.online
sandifordprivatetutelage.com
ma7lat.online
zongzizaixian.com
groupsexlivecams.com
cookinggem.com
hojohotsprings.com
lefevrerealtor.com
nro-onc.biz
gloford.com
goldsmash.net
halachmi.online
kosherlending.com
asdspietro.com
trustwaves.net
ciscoworkplace.com
fluiwesn291-ocn.xyz
yangscatering.com
anushreehomemadeproducts.online
hallowseason.com
alsiaf.com
greatnotleyeast.com
plantssky.com
studiozaja.com
qugw.space
yukhappy.xyz
vanillabeer.gallery
alhambrainnjamaica.com
getaudionow.com
dalessandrolawgroup.com
zkuri.com
rocket-bet.com
apnagas.com
avisosclientes.com
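Two things a practitioner does with a report like this before acting on it: confirm that the file in hand is the sample the report describes (all four digests must agree, not just the MD5), and turn the extracted config into indicators that carry the right confidence. The second point matters for this family in particular: FormBook/XLoader configs embed a long list of domains of which only the live C2 is real and the rest are decoys, many of them legitimate sites, so the list above is useful for hunting and correlation but must not be pushed to a blocklist as-is. The script below is an added example, not part of the sandbox report; the field names it assigns to the config block (family, version, campaign, then one domain per line) and the small excerpt of the domain list it embeds are assumptions of the example, with the hash values copied from the General section.

```python
"""Verify a sample against the report hashes and turn the extracted XLoader
config block into tagged indicators.  Added example, not the sandbox's code.
The config field names (family, version, campaign, domains) are assumptions."""
import hashlib
from typing import Dict, Iterable, List

# Digests exactly as listed in the report's General section.
REPORT_HASHES: Dict[str, str] = {
    "md5": "3f732abe929e5441ece5c7e01b1f2b86",
    "sha1": "f738d5bbba0c0589fed01612263aa439e828ea37",
    "sha256": "8cc79dccb652d3798039383ca1068e18e68f129e43cc278797b5bb45645c98ce",
    "sha512": "33e0d108f8d6504f98f489be9338b3b440be7bde80e6b9ea4d0683b9745a5658a"
              "0b27bc74c9acd7e74b13ee98859510556ee2a88eb6d7c2ac3a218ae6e513971",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes, algorithms: Iterable[str] = ALGORITHMS) -> Dict[str, str]:
    """Hex digests of an in-memory buffer for every requested algorithm."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all hashers in one pass so big samples are not read twice."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(computed: Dict[str, str], expected: Dict[str, str] = REPORT_HASHES) -> bool:
    """True only when every digest the report lists agrees (case-insensitive)."""
    return all(computed.get(name, "").lower() == digest.lower()
               for name, digest in expected.items())


def parse_xloader_config(lines: List[str]) -> Dict[str, object]:
    """Parse the flattened 'Malware Config' block as it appears on the page:
    an optional 'Extracted' marker, then family, version, campaign, and one
    domain per line.  The field names are an assumption of this example."""
    values = [ln.strip() for ln in lines if ln.strip()]
    if values and values[0].lower() == "extracted":
        values = values[1:]
    if len(values) < 3:
        raise ValueError("config block too short: expected family, version, campaign")
    family, version, campaign, *domains = values
    return {"family": family, "version": version, "campaign": campaign, "domains": domains}


def to_indicators(config: Dict[str, object]) -> List[Dict[str, str]]:
    """One indicator per domain.  XLoader/FormBook configs mix the live C2 with
    many decoy domains, so every entry is tagged 'decoy-candidate', never 'c2':
    the output is for hunting and correlation, not for a blocklist."""
    source = f"{config['family']}/{config['version']}/{config['campaign']}"
    return [{"type": "domain", "value": d, "confidence": "decoy-candidate", "source": source}
            for d in config["domains"]]


# Constructed excerpt of the report's config block (first three domains only).
SAMPLE_CONFIG_LINES = ["Extracted", "xloader", "2.5", "mjup",
                       "cyqcc.com", "mynext.guru", "clickbuzz.tech"]

if __name__ == "__main__":
    import sys
    for ioc in to_indicators(parse_xloader_config(SAMPLE_CONFIG_LINES)):
        print(ioc)
    if len(sys.argv) > 1:  # optional: path to the sample on disk
        print("hashes match report:", matches_report(hash_file(sys.argv[1])))
```

Run it with the sample path as the first argument to get a yes/no on whether the file is the one the report analysed; a mismatch on any single algorithm means you are looking at a different binary (repacked, truncated, or simply the wrong download), and the report's behaviour should not be attributed to it.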

Targets

Target: 0018389938.exe
Size: 971KB
Suricata alert: ET MALWARE FormBook CnC Checkin (GET)
(XLoader is the successor of FormBook; the ET rule keeps the older family name, so a FormBook check-in alert on a host running this sample is expected.)

Signatures
- Xloader Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext