General
- Target: DOCUMENTS.exe
- Size: 862KB
- Sample: 220616-j944dadce3
- MD5: 53ae53a71c080b54af95ff0b759d0326
- SHA1: ade19e6305e3342033a550a6e2b7d84f426b7be8
- SHA256: 57ac59a69f7b5366e58b18100717297d5ae1570252bf5f3bf3158d2de57e8002
- SHA512: 20ada04bd7e86e7baf4ea3b89bf9ad88e95215e2dc1443cd15ba2754de79d17fe7999fc45ad003ea396423509f0c291a754df4a1e28ba4736a9c7ae76459baaa
- Static task: static1
- Behavioral task: behavioral1
- Sample: DOCUMENTS.exe
- Resource: win7-20220414-en
Malware Config
Extracted
xloader
2.7
sdzp
Targets
- Target: DOCUMENTS.exe
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Looks for VirtualBox Guest Additions in registry
- Xloader Payload
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext