General
Target: tmp
Size: 257KB
Sample: 220514-r648zacfgm
MD5: de76ef6a11a63efc00b0303888bc0b7f
SHA1: 7ab24456a49f6b61bc54d20a4d9c0b84f3ae696b
SHA256: fc6ebe8bc215a292bb3df340a84350ceb2be7187efc8e10381235cfa8d82f734
SHA512: 51a5cf0f640d922ec0d8bf5ba3fcc06b6278e3ac45f07190710c5055a23102a614443641d8b6617775d5a786ccb1e9d10404dfa0e146e6c8ec3481c616214d99
Static task: static1
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20220414-en
Malware Config (extracted)
xloader
2.6
nc39
bohicaapparel.com
chilliesofwoodstock.com
szcipa.com
nirmalaswagruhafoods.com
orbitas.online
bjvxx.com
atomvpn.site
thecanvacoach.com
thewhitelounge.com
trwebz.xyz
yiwanggkm.com
maggiceden-io.com
kimyanindelisi.online
xn--e02b19uo0j.com
kaola74.top
klcsales.net
renacerdevteam.com
talkmoor.com
seobusinesslistings.com
contractornurd.com
wolksquit.com
hamiltonspringfield.com
skinclash.com
d-web.net
tige03.xyz
thereeldecoy.com
dutyapparel.com
vicentedotorarquitectos.com
bensdrywall.com
domainnetwoks.com
incorrectbenevolence.com
ramvadher.space
dbluvt.xyz
laps-clicks.com
thewattelectric.com
fogpromo.com
ibcfitting.com
get25000today.com
do-hobbies-indoors.com
marmagdistribuciones.com
newworldtongpaihotels.net
3astratford.com
tocarrythemessage.com
57shasha.club
117colgett.com
captainnoclue.com
rapejesus.site
grandas-svoboda.com
apartmentpermis.com
greatco.biz
joneswoodworks.com
lilatoons.com
banalto.com
caycilargida.online
gangez.com
tw-life.net
treasuresofjudaica.com
monin.one
earthdefense.global
troolygood.com
eafc.tech
southcarolinawire.xyz
designstatussupport.com
moorblaque.com
arjimni.com
Targets
Target: tmp
Size: 257KB
MD5: de76ef6a11a63efc00b0303888bc0b7f
SHA1: 7ab24456a49f6b61bc54d20a4d9c0b84f3ae696b
SHA256: fc6ebe8bc215a292bb3df340a84350ceb2be7187efc8e10381235cfa8d82f734
SHA512: 51a5cf0f640d922ec0d8bf5ba3fcc06b6278e3ac45f07190710c5055a23102a614443641d8b6617775d5a786ccb1e9d10404dfa0e146e6c8ec3481c616214d99
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext