General
- Target: tmp
- Size: 193KB
- Sample: 220506-rszrbsaab3
- MD5: 4ef1cf561792490cfc119a6f4b9433cc
- SHA1: 6c7cfb9a79edeba7859088ca1a1f9da6d236facb
- SHA256: 25148c38c34edf03d8c2610e75188f9223421978e0a73eec5c8a303ca1280d07
- SHA512: ba4d5b504491e9ed078b51235c3f1a6af7ff769a70ff6127297a03c299a6fe8f7ea1bdea158ff2624d2e9949125a3802255350e748ee263befc9e820e9530813
- Static task: static1
- Behavioral task: behavioral1
- Sample: tmp.exe
- Resource: win7-20220414-en
Malware Config
- Extracted family: xloader
- Version: 2.5
- Campaign: bs8f
Targets
- Target: tmp (193KB; hashes as listed under General)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext