General
-
Target
tmp
-
Size
520KB
-
Sample
220514-sn41xscggp
-
MD5
47811f527386f1024081701f3812deb7
-
SHA1
16934d7dbc4ad5f583f3721e180c0669a57c5c84
-
SHA256
508cb22224be3ffe5f189767b150490b717fdfbbdea4ea41c3a1add4ecfe7730
-
SHA512
df060d3d595f6da2a25f54c8ecf4398bbe83c3bc39f15c258f3a984a77578389019095355f082adb9a4921390bf53c2c06b098cb7a9639ef1c13cc343fcc4f03
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20220414-en
Malware Config
Extracted
xloader
2.5
r87g
gzjyjzsj.com
rapibest.com
affordablebathroomsbyfrank.net
roboruben.com
xn--dlisucr-byag.com
encoreasso.com
piscire.com
dixiebusybee.com
newrome.xyz
sunshinejon.com
glacierforfcs.xyz
borhanmarket.com
tous-des-cons.club
hsfstea.com
spiniform.info
vaicomfibra.com
shinigami.xyz
kryptoindia.com
listentoappetite.com
securepplpay.com
savannabrazell.com
dallascowboysticket.online
lemuria4.online
pakistaninusa.com
realdigitaldivide.com
nameandlikenesslabs.com
icris2021.com
amorporlaropa.com
xgirlstar.com
localhuktoyof6.xyz
about-times.xyz
withvertex.com
newtajmahalfashion.xyz
myapple3.com
sjitcom.com
shemanifesteverything.com
nft2yuan.com
misfitlamps.com
nordicautoparts.net
precisecleanteam.com
unmoro.com
gh-michikusa.com
usbgdt.net
ordt.xyz
hcaptchabypass.com
samedaycash.loan
lavistacaffe.com
alicekay.online
aceproservices.net
androidapdate.com
kredsen.website
southwinds-kolkata.com
069superbetin.com
adorablymeboutique.store
xbet973.com
xn--czrr40i.xn--io0a7i
shadow-marketing.com
license-plate-find.online
wwwoneparkfinancial.com
milehighrenewals.com
scyxmq.com
mbdeyren.com
nottryingdoing.com
homesandhorse.com
stpaulsschoolbagidora.com
Targets
-
-
Target
tmp
-
Size
520KB
-
MD5
47811f527386f1024081701f3812deb7
-
SHA1
16934d7dbc4ad5f583f3721e180c0669a57c5c84
-
SHA256
508cb22224be3ffe5f189767b150490b717fdfbbdea4ea41c3a1add4ecfe7730
-
SHA512
df060d3d595f6da2a25f54c8ecf4398bbe83c3bc39f15c258f3a984a77578389019095355f082adb9a4921390bf53c2c06b098cb7a9639ef1c13cc343fcc4f03
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-