General
- Target: 6cfb66c75d42e49a9a8d6cbf73eb9de1c8df27848f2bf65a81b5b64743699cba
- Size: 275KB
- Sample: 220513-r8vgjsgff2
- MD5: b5691d968eccd79d3b535e2686cb1a03
- SHA1: 94d44d86ce784de393323a58474224731189c19b
- SHA256: 6cfb66c75d42e49a9a8d6cbf73eb9de1c8df27848f2bf65a81b5b64743699cba
- SHA512: fbb331868c26b6d01553b19571f7ab66d97f049ad8323168189302d6f4d20df5af6ec9528d204130e609807d796f9f081dfc4a50cd5692e38169aa9223ceb849
Static task: static1
Malware Config
Extracted
xloader
2.5
bs8f
Targets
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Executes dropped EXE
- Suspicious use of SetThreadContext