General
Target: b116243ed4215cbcb325a827d11cdc68.exe
Size: 245KB
Sample: 220512-jdhv9sbah5
MD5: b116243ed4215cbcb325a827d11cdc68
SHA1: c9ef499d8ec2966dda389ce769012b4ad6661cbc
SHA256: ecd736b3ee17564a101bfdf8ff757edf53948a983ef1c1dd088cd9f214034990
SHA512: 39543aa90882920e8ba46777eb092abb678471c7cc7876d1ad98b2d4b1c6f4f50669d18c764c3b655866a682acabe2b73e1958be5a4ebfc0973574d210393ef3
Static task: static1
Behavioral task: behavioral1
Sample: b116243ed4215cbcb325a827d11cdc68.exe
Resource: win7-20220414-en
Malware Config
Extracted
xloader
2.5
bs8f
atmospheraglobal.com
dontshootima.com
bestofferusde.club
yourdigitalboss.com
breskizci.com
myarrovacoastwebsite.com
reasclerk.com
efrovida.com
wsmz.net
upneett.com
loefflerforgov.com
noida.info
trndystore.com
arhaldar.online
vivibanca.tech
mykrema.com
vseserialy.online
ridgewayinsua.com
heauxland.com
bestcollegecourses.com
scent-kart.xyz
handyman-prime.com
wrightpurpose.com
hellounio.com
wealthy-link-erp.com
josegal.com
texasdominionrealty.com
hespresso.net
dreamonetnpasumo5.xyz
videosmind.com
abbawaalema.quest
esmtoluca.com
2382108759.com
akbastionoffilamentousfungi.com
electramanpower.com
siguealpanda.com
alquilerfurgon.com
3-little-pigs.com
esolutions4u.com
thatgolfer.com
biom4rk.com
paramusapartments.com
mothergadgets.com
ktnreport.xyz
amxdrivers.com
buymyhomeallcash.com
lifeisthere.com
nous-citoyens.com
destimarketing.com
lawinepro.com
littlenorwayfarmhouse.com
realworldgb488.rest
qualinorm.com
capitaltechcorp.com
familybeautifull.com
continentaldeal.com
scratchforce.com
veganbreathing.com
hickoryfalls-pm.com
pascal-rocha.com
20kretirementplan.biz
lehome.store
hellanatural.com
hnythao.com
gnizdo.online
Targets
Target: b116243ed4215cbcb325a827d11cdc68.exe
Size: 245KB
MD5: b116243ed4215cbcb325a827d11cdc68
SHA1: c9ef499d8ec2966dda389ce769012b4ad6661cbc
SHA256: ecd736b3ee17564a101bfdf8ff757edf53948a983ef1c1dd088cd9f214034990
SHA512: 39543aa90882920e8ba46777eb092abb678471c7cc7876d1ad98b2d4b1c6f4f50669d18c764c3b655866a682acabe2b73e1958be5a4ebfc0973574d210393ef3
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext