General
-
Target
8198859f6abcd854b1ab48c4081c4a4246e439c21d5e5b6d8975f382c9056002
-
Size
427KB
-
Sample
220521-c4ywvafab2
-
MD5
93b823b2d6a401101b8dffcaed401d4b
-
SHA1
2a85892ea96418d19233255145273635ca08794a
-
SHA256
8198859f6abcd854b1ab48c4081c4a4246e439c21d5e5b6d8975f382c9056002
-
SHA512
7dcdcd0039e72ded5d6a33a8bae2da6e9dc7735ec05ef6c1c4b78081da22096cb8979ecc52f7001434525cb4d07a55efbe4e9b72612f6234e216e73124944d49
Static task
static1
Behavioral task
behavioral1
Sample
Quote #121079_Price & Availability.exe
Resource
win7-20220414-en
Malware Config
Extracted
xloader
2.1
cvd
wanda-dutyfree.net
m399999.com
adultoutopico.com
acappellawebradio.com
geetaisprings.com
californiacredit.repair
view-merchant.review
autoritecenter.com
lke7992.com
carroceriasalchichica.com
shanhaishidai.com
wuyounice.com
ahyingshi.com
eurocrypt.net
zvxhs.info
nxsexyvip.com
suffolkbuildingcontrol.com
sotruemobiledetailing.com
bizsolmx.com
personalidea.net
c-aesthetics.com
quanguixs.com
szhgprt.com
conferenceinmelbourne2017.com
smilevillage.win
woyaodani.com
woltbikes.com
tbmbgb.tech
truelovethatlasts.com
vidsummitlive.com
southalabamahomeschooling.com
chakrabalancetherapy.com
cross-bag.com
livest1ontheplains.com
gaemari.com
werebeancoffee.com
membershipmarketing.info
pakistaniinstitute.com
submarr.com
rideordie2k19.com
ramelgayrimenkul.com
web-start.info
playawesomeslots.com
appletreefarm.info
mightyheartspreschool.com
onoraodalis.net
settesecondicirca.com
clmsys.biz
fahabok.com
warwickfoodconsultants.com
cheaptolisbon.com
hcbusinessmedia.com
erwonventures.com
rmdequipos.com
mooreandmoorecrafts.com
davidrogersphotos.com
verlors.com
djdkkp.info
graphicdesignerlakewood.com
minutefountain.info
nirvanawebsolutions.com
fifarcade.com
thepodhome.com
mrsscottmlyes.com
magento-tracks.com
Targets
-
Target
Quote #121079_Price & Availability.exe
-
Size
628KB
-
MD5
5d061432063b989574425c27e749a0b1
-
SHA1
9770da0f429eaeae0834d73c563c316db62525ec
-
SHA256
d4224f6f5b734de53a5a7e5f5675b05f9a808deb058e64d00859146f8255594c
-
SHA512
5ac185a6d31beea556fa8695bd0952e45c9986d12b1e0faa102e3a91a6ef455326c1435907b882b25c411451094b193398eb154b0a10336d38b75972719699b3
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
Xloader Payload
-
Adds policy Run key to start application
-
Deletes itself
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-