General
- Target: R00127789.exe
- Size: 754KB
- Sample: 220521-ahq8rsdbeq
- MD5: 5ade5905aebb3d0f6cafd3d36c01927b
- SHA1: 8b5f6901647c9f17114e3092fc2b226c7478121d
- SHA256: d10a6b48293d226a0700a84f7dc756fe50c78a9d167500e3b3c763781c52b006
- SHA512: c2e324286d7a819f9dc228b51258e888db980fbdd5a05171bd25ba6c742b3ff71d285db095ab7d577f620f8a3e5baba0c863154d4f63df6e5b1e0241362421a4
- Static task: static1
- Behavioral task: behavioral1 (Sample: R00127789.exe; Resource: win7-20220414-en)
Malware Config
Extracted:
- Family: xloader
- Version: 2.5
- Campaign: mjup
- Domains:
  - cyqcc.com
  - mynext.guru
  - clickbuzz.tech
  - testingsitewp.store
  - starblast.space
  - xn--cocola-6wa.com
  - kathicrafts.com
  - tiktokshop.cloud
  - akasa42.com
  - therosedalefw.com
  - fabuluxepicnicsatl.com
  - dtoyer.com
  - trungtambtx.com
  - uploaded.space
  - newgradient.com
  - micron365.com
  - driving-ukrainka.com
  - feretsfreshcutsproduce.com
  - 1781tudor301.info
  - mecca-services.com
  - privacyqlxyvu.online
  - tomopro.net
  - b8ceex.com
  - strategybllc.com
  - ivikno.com
  - lqydzc.com
  - toutbesoin.com
  - reunionwaveclassic.com
  - 5ifbc.com
  - nailwrapsturkiye.com
  - greengriffinmerc.com
  - candeliver.online
  - sandifordprivatetutelage.com
  - ma7lat.online
  - zongzizaixian.com
  - groupsexlivecams.com
  - cookinggem.com
  - hojohotsprings.com
  - lefevrerealtor.com
  - nro-onc.biz
  - gloford.com
  - goldsmash.net
  - halachmi.online
  - kosherlending.com
  - asdspietro.com
  - trustwaves.net
  - ciscoworkplace.com
  - fluiwesn291-ocn.xyz
  - yangscatering.com
  - anushreehomemadeproducts.online
  - hallowseason.com
  - alsiaf.com
  - greatnotleyeast.com
  - plantssky.com
  - studiozaja.com
  - qugw.space
  - yukhappy.xyz
  - vanillabeer.gallery
  - alhambrainnjamaica.com
  - getaudionow.com
  - dalessandrolawgroup.com
  - zkuri.com
  - rocket-bet.com
  - apnagas.com
  - avisosclientes.com
Targets
- Target: R00127789.exe
- Size: 754KB
- MD5: 5ade5905aebb3d0f6cafd3d36c01927b
- SHA1: 8b5f6901647c9f17114e3092fc2b226c7478121d
- SHA256: d10a6b48293d226a0700a84f7dc756fe50c78a9d167500e3b3c763781c52b006
- SHA512: c2e324286d7a819f9dc228b51258e888db980fbdd5a05171bd25ba6c742b3ff71d285db095ab7d577f620f8a3e5baba0c863154d4f63df6e5b1e0241362421a4
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext