General
-
Target
5e9aba7aa4cb5b012889435a0bdaf3ac311ff6c7545b5c156f7c3cd3e3510f34
-
Size
253KB
-
Sample
220510-3v8ykaafh3
-
MD5
a6481e8a071be497473fd37fdabe8d83
-
SHA1
64ca16d365f80e529446583a8900b7b28d356487
-
SHA256
5e9aba7aa4cb5b012889435a0bdaf3ac311ff6c7545b5c156f7c3cd3e3510f34
-
SHA512
1c96776e99411ae50df9cbd534eba221440e6363798458d4668580a0da0dbb5bf37848aad7f19e4de04f907f784492622c88a8f9b770541e9456950b5e259b81
Static task
static1
Malware Config
Extracted
xloader
2.6
arh2
hstorc.com
blackountry.com
dhrbakery.com
dezhouofit.com
defipayout.xyz
ginas4t.com
byzbh63.xyz
qrcrashview.com
mialibaby.com
enhaut.net
samainnova.com
yashveerresort.com
delfos.online
dungcumay.com
lj-counseling.net
fliptheswitch.pro
padogbitelawyer.com
aticarev.com
sederino.site
bestplansforpets-japan3.life
radicallysimplesupps.com
sandbagmaker.com
misdcf.xyz
nbpz.xyz
floridasunbreaks.com
justfinishesofcolorado.com
homemethtestkit.com
chaquetashapticas.com
zodiactshirt.com
tees.email
zxzx999.com
tempepdf.com
watchusroll.com
parotacenter.com
assistcourse.online
paulstilingroup.com
cnbcfx.com
mooncore.xyz
laplugnation.com
gosti24.com
cthomassolutions.com
rkhubs.com
aboutpier.com
multimediaroomandboard.com
iamparrot.com
wifitest.info
nounworld.com
xpartner.biz
128grandviewdrivenewportnsw.com
bakiin.com
suitcell.com
onehitgamerstudios.com
bathingsuitsshoppingus.com
wingstarifa.com
ccasudqi.com
epiconscious.com
ponponshoes.com
cicom.tech
safetynetinc.net
recanto.xyz
sellsidelite.net
kevmoinesproperties.com
hdwallpaperpics.life
57gznfw.xyz
abtys6.online
Targets
-
-
Target
5e9aba7aa4cb5b012889435a0bdaf3ac311ff6c7545b5c156f7c3cd3e3510f34
-
Size
253KB
-
MD5
a6481e8a071be497473fd37fdabe8d83
-
SHA1
64ca16d365f80e529446583a8900b7b28d356487
-
SHA256
5e9aba7aa4cb5b012889435a0bdaf3ac311ff6c7545b5c156f7c3cd3e3510f34
-
SHA512
1c96776e99411ae50df9cbd534eba221440e6363798458d4668580a0da0dbb5bf37848aad7f19e4de04f907f784492622c88a8f9b770541e9456950b5e259b81
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-