General
Target: 6923c6b53ceaec1d925149106d9d29c7d35af3542beca0bcbd9333f4ea28e67b
Size: 317KB
Sample: 220521-dbyaaaaebp
MD5: 949e3fdfe6efdb89fff9d5644f574f93
SHA1: 4724e111f096b404014e26f00a3a7a7bc14f9a49
SHA256: 6923c6b53ceaec1d925149106d9d29c7d35af3542beca0bcbd9333f4ea28e67b
SHA512: 31e54ab4f8005cbba5fa92e7a1b0b3f431ef4de227f2ead0836737cf592714dea53581268d8b1e12b2880dca7529ee4397f8b1b94581e44bd9d3a16bd1618f31
Static task: static1
Behavioral task: behavioral1
Sample: request for quotation samples No 48576935 96877463.exe
Resource: win7-20220414-en
Malware Config
Extracted
xloader
2.1
iwnn
Targets
Target: request for quotation samples No 48576935 96877463.exe
Size: 419KB
MD5: 6ceb03b6435eefad76639a03a22ce0fb
SHA1: f1a37e2f2cc7de7eed2403af42a446050a6610fd
SHA256: b32579e01c28fc0a157f14ce8c679d02fcd1f5c03f8eef56ba6a77a627786d84
SHA512: 1987f6e1573ace6e6fa2b4c4409e7af1d7db12ab40593c8898a12c135aa0168c7772ae1727072e867311f4bd068a40b49c996102a05f80d5618de0f76d8b330b
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
Xloader Payload
Suspicious use of SetThreadContext