General
-
Target
0x000900000001316f-58.dat
-
Size
174KB
-
Sample
220616-hhxpjsabd2
-
MD5
4e4fe9a1e4568efac0293fcaf431f2da
-
SHA1
c17588029ab95904ab548b5c8fb4dc626e1d8d12
-
SHA256
929b0c7d953ee579a49a6d4a9456a1a45a9f4e81933adf6a07b34d6669f096b6
-
SHA512
7a323280ef25c208fbe726e5ba21200ec9af976f30da3ea330387afe95c41ad082404d4cd811672f0b7e9764759c8cc7b1b2252da242ff8253e429bb2cc7a461
Behavioral task
behavioral1
Sample
0x000900000001316f-58.exe
Resource
win7-20220414-en
Malware Config
Extracted
xloader
2.8
r4wf
eQLhwti8E4CX1m8bp0WK2Q==
axoAyf6nwR9Y43o1nFx+930=
vf9fMlHrgdcI
TRQU8PPgFWegAcLFsjQ5TUX2
CFXUiz7SjsLqcQ==
XKeIL6Nmg+8pokY+wjaooasXRQIt
NLSkgIdanO/4SNPAdlKUrIms7Q==
TTKhgqyuCnCmH7yGa12g8HXrnY/nKGI=
5X0d70pNfaYGRgI=
fXXOk9C1+U9bhkIBIqn8
dN7HmMiv/TtAgyP2tYrEG2Yq4Yw=
HRqUgbJeorn4Zg==
MZ7Sh6xm71vhCNLW
7iFsO188fKYGRgI=
o9VC9kgPVXmCz2gBIqn8
B0y+iMbD+lzhCNLW
ciUeBS0WbdHuVGH+xJU=
Q3334PeyxydNmzoBIqn8
kgHx3RbrgdcI
WQjgo8h9g6YGRgI=
5RSWW31YnAQ0ly3EKxV49Ju7soyJQA==
jnvHrOp+rylh3aQZihBxX5AXRQIt
UvzhyOTBC1WuFalOvTeQFGYq4Yw=
JZKCTnBTlejw6sWEQmBrwWQ=
PsvChalcbbW9/sl9iUyM/Y4MyIY=
twF0UY9YdMf/SOXm7kJHrIms7Q==
U8aniaNnU7TGF6KgX7kkEAfBuXDcuj58
d6kL7Q/Dsv8Qai4y5Dx+bHXrmY/nKGI=
Oy7kr7SLuiFlumMrnFx+930=
YKA43EILPp68Ls2R9Lu9Xg915Q==
OsbEm83iRasRDcDP
N7SzS9W0uRU3jEw+7ZvgQsW07A==
f3LUyOCo6jdfwW4AY1CXrIms7Q==
UVexkL12kKr2QwPEJZ0=
F5PLbMl0rduR24TB
yZuGQ1U5f6YGRgI=
HEOfhKiQJVuUF6ox6uNR0Q==
Y0y0eYw9Q5bD79Ruvg==
aILeq6iNyQqR24TB
dHbUZQWZqMpavHb50CBVrWo=
lEsUpuTUL4KuEa6EVT+F1B7Jgx0z
LDSDX4NENrXnVxAP2rblGjXr
blvKotCPoer5Rvy6VxBcwA==
KMS/ofYGorn4Zg==
EZW+YNdYd+M=
Bop1VFUuccfWIKWmp0WK2Q==
iQDv0R3h0/YxkBU=
NjOefp48RqfbFrOKbecxadZp8ZE=
kTsuEDj5OizhCNLW
w/RTHy0Lc7fSD97wsgCGrIms7Q==
8x18XKJyZ8T1aGH+xJU=
vmxeL0noCmyZBdKGyiE5TUX2
eF22k9DMDF2P/7CBQlx+930=
wO1QPF42ctH+cRIR1is5TUX2
HbqukMjFFHHhCNLW
D0qyl8BhFPRQybNMMafz
rPZqR1Xy/l2Z9H10TVx+930=
bJwP3QPxOZOO0no3oBxixV7nmo/nKGI=
mwL41gvf3SJgzbVlwoI=
dCYI1OqmwRErjloyoInfIWYq4Yw=
Sks251UsiN4K
6qGScqVeRZ7IIuHhx1R7o8aZiyMl
EDaaWIxK/t+R24TB
NSyQY6+MoLlHKmH+xJU=
heatedaffaisr.com
Targets
-
-
Target
0x000900000001316f-58.dat
-
Size
174KB
-
MD5
4e4fe9a1e4568efac0293fcaf431f2da
-
SHA1
c17588029ab95904ab548b5c8fb4dc626e1d8d12
-
SHA256
929b0c7d953ee579a49a6d4a9456a1a45a9f4e81933adf6a07b34d6669f096b6
-
SHA512
7a323280ef25c208fbe726e5ba21200ec9af976f30da3ea330387afe95c41ad082404d4cd811672f0b7e9764759c8cc7b1b2252da242ff8253e429bb2cc7a461
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
Xloader Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-