General
-
Target
soa.exe
-
Size
733KB
-
Sample
220609-njr4cafecm
-
MD5
430cb910503e0fb17dea4259ad82e0c9
-
SHA1
2a6d2f9521ff771c5320719f7142ddec7163e2b7
-
SHA256
29e01694dfdb882f3922844f2fa640eb19fb99ff1179ac378df15b45fac32f11
-
SHA512
1cb05ab896d6f2ca211d25242fdf515ce7399e53bd09e697f621a6bc911a0ac098e9bfe3d5cbb623629e3ca10d5474d429bc8c07ab2a07d02f6c1fa9ea2dd288
Static task
static1
Behavioral task
behavioral1
Sample
soa.exe
Resource
win7-20220414-en
Malware Config
Extracted
xloader
2.6
a8hq
veteransductcleaning.com
beajtjunkies.com
houseofascofi.com
scottsdalemediator.com
atelyadesign.com
profitcase.pro
imtokenio.club
qinglingpai.com
bigsmile-meal.net
daytonlivestream.com
aspiradores10.online
ytybs120.com
hdatelier.com
bearpierce.com
yeson28ca.com
booklearner.com
m8j9.club
mmophamthinhlegend.space
hq4a7o6zb.com
sophiadaki.online
sunraiz.site
calorieup.com
vighneshequipments.com
695522z.xyz
xjfhkjy.com
jcpractice.xyz
micahriffle.com
babiezarena.com
heythatstony.com
bmtjt.com
aete.info
yeyeps.com
chafaouihicham.com
globalider.com
uwksu.com
jimmy.technology
theveatchplantation.com
devondarcy.com
suburbpaw.online
ballsfashion.com
devsecops-maturity-analysis.net
naturealizarte.com
jpvuy.icu
algoworksconsulting.com
51jzsy.com
the-arboretum.net
sportsmachine.xyz
kemanewright.com
transporteslatinoberlin.com
multirollup.xyz
anaconda-otome.xyz
cheneiz.net
hillsbororosewoodresidences.com
sanphamgiadinh.xyz
xml-ott.com
aimdistributors.net
powergenaku.com
pt24lotto.info
healthyaging.partners
westsuits.com
decentralwebapp.online
mytropicaldreams.com
pravit-ball.online
northern-lights.info
simcondo.com
Targets
-
-
Target
soa.exe
-
Size
733KB
-
MD5
430cb910503e0fb17dea4259ad82e0c9
-
SHA1
2a6d2f9521ff771c5320719f7142ddec7163e2b7
-
SHA256
29e01694dfdb882f3922844f2fa640eb19fb99ff1179ac378df15b45fac32f11
-
SHA512
1cb05ab896d6f2ca211d25242fdf515ce7399e53bd09e697f621a6bc911a0ac098e9bfe3d5cbb623629e3ca10d5474d429bc8c07ab2a07d02f6c1fa9ea2dd288
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-