General
-
Target
8fe2d31404fdfd858a4838e48748d4c4
-
Size
309KB
-
Sample
220606-3yffesdde6
-
MD5
8fe2d31404fdfd858a4838e48748d4c4
-
SHA1
d34430160082e0f63eccc468d9d18f156ef3a462
-
SHA256
6d3cf31316e14d2653db88411c2ca7c7a8b2bde44d5469bafd2f8ec9e3069f9d
-
SHA512
68540759d2d5431c426378c0600e3ddb48f1533ea3064de1a7bd06a40af15cd61762aec2bcc4b2402458ad36322326a0bbda55dce9490dffc100aebf61e41bd5
Static task
static1
Behavioral task
behavioral1
Sample
8fe2d31404fdfd858a4838e48748d4c4.eml
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
8fe2d31404fdfd858a4838e48748d4c4.eml
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
TT SLIP USD.exe
Resource
win7-20220414-en
Malware Config
Extracted
xloader
2.6
nc39
bohicaapparel.com
chilliesofwoodstock.com
szcipa.com
nirmalaswagruhafoods.com
orbitas.online
bjvxx.com
atomvpn.site
thecanvacoach.com
thewhitelounge.com
trwebz.xyz
yiwanggkm.com
maggiceden-io.com
kimyanindelisi.online
xn--e02b19uo0j.com
kaola74.top
klcsales.net
renacerdevteam.com
talkmoor.com
seobusinesslistings.com
contractornurd.com
wolksquit.com
hamiltonspringfield.com
skinclash.com
d-web.net
tige03.xyz
thereeldecoy.com
dutyapparel.com
vicentedotorarquitectos.com
bensdrywall.com
domainnetwoks.com
incorrectbenevolence.com
ramvadher.space
dbluvt.xyz
laps-clicks.com
thewattelectric.com
fogpromo.com
ibcfitting.com
get25000today.com
do-hobbies-indoors.com
marmagdistribuciones.com
newworldtongpaihotels.net
3astratford.com
tocarrythemessage.com
57shasha.club
117colgett.com
captainnoclue.com
rapejesus.site
grandas-svoboda.com
apartmentpermis.com
greatco.biz
joneswoodworks.com
lilatoons.com
banalto.com
caycilargida.online
gangez.com
tw-life.net
treasuresofjudaica.com
monin.one
earthdefense.global
troolygood.com
eafc.tech
southcarolinawire.xyz
designstatussupport.com
moorblaque.com
arjimni.com
Targets
-
-
Target
8fe2d31404fdfd858a4838e48748d4c4
-
Size
309KB
-
MD5
8fe2d31404fdfd858a4838e48748d4c4
-
SHA1
d34430160082e0f63eccc468d9d18f156ef3a462
-
SHA256
6d3cf31316e14d2653db88411c2ca7c7a8b2bde44d5469bafd2f8ec9e3069f9d
-
SHA512
68540759d2d5431c426378c0600e3ddb48f1533ea3064de1a7bd06a40af15cd61762aec2bcc4b2402458ad36322326a0bbda55dce9490dffc100aebf61e41bd5
Score6/10-
Accesses Microsoft Outlook profiles
-
Drops file in System32 directory
-
-
-
Target
TT SLIP USD.exe
-
Size
246KB
-
MD5
3176caf0fb0f4a7ab203bade6b8e46c7
-
SHA1
d7da95e9e16950eb756025ba4341b3a04405eef2
-
SHA256
e68092db2f07ac12f8400cb773e820c776c09e151e8747a5bc9aa6b7e211e37a
-
SHA512
9c4de123691564c542d6ac0939293f947827c4ea3ac8a90174619eb00ad83237f73e8d9b38df0041b4d16162b3cd7756de71e267c7dbe0fa67f0a60a3f6b724a
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-