General
Target: 63432f8db655602a09f399a33736bb8b
Size: 368KB
Sample: 220616-lg9t9scgcr
MD5: 63432f8db655602a09f399a33736bb8b
SHA1: ff89e79ca601a15eb1eb1db09574cc86473009ed
SHA256: 5499722e1f4ec7741ea1dcf1eca662770ce18522e37bab9688b93b43e7c542c1
SHA512: bc07d34816a2939e345747c582b31626cc2094d33912e95b9f59579cef492c4f8ee05d6ea7553c797681aed9763f0911f687b3a5c9dfd7e90ba945b2820e3cf9
Static task: static1
Behavioral task: behavioral1
Sample: DHL Receipt.exe
Resource: win7-20220414-en
Malware Config
Extracted
xloader
2.8
k0dn
ipx541.com
Targets
Target: DHL Receipt.exe
Size: 388KB
MD5: fa794359331a2f4e8dfc9f1ef708c81a
SHA1: 89ebc66d6914963eed7c38d054c7bcdacff4a6c3
SHA256: 575270987483aa95a9dcdbe5b0949f1c28d21a89fed663139efc9beb8c6f75f4
SHA512: 59c5e820d212f6ca51fbbe8fff8ce4a23753ac1f0b7511f70b8310e6570740d6603ad2e866f28f81d8e6fedc9a633e3c2f9ae834d968d66f847a40f4fa401ba4
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Adds policy Run key to start application
Suspicious use of SetThreadContext