General
-
Target
SecuriteInfo.com.W32.AIDetectNet.01.1501.6790
-
Size
382KB
-
Sample
220616-mqh9caghb2
-
MD5
69179c129ec075bdad74d208e7514f7e
-
SHA1
255fbb79b1d201a02d1e905619aa79925d9499f7
-
SHA256
0ab8978869103e7594108e31a46cb1c7e62cb47ad44ab930fc17ccc2fb57daea
-
SHA512
c4f263758bc90a148e41a72fd10e7592622fa19f45b16cd2db973c6d37b66af53d7200ba9502137013d8517a258b1d5ed85a68aafbda16877aee1294d80a43ab
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.W32.AIDetectNet.01.1501.exe
Resource
win7-20220414-en
Malware Config
Extracted
xloader
2.6
tn61
ryliehorrall.art
mesdco.net
street-art-ink.com
sepetcin.com
stilghar.com
hawaiipooltiles.com
fuerst-von-falkennest.com
totalvirtue.com
xdk0blc0tqy6a7.life
zootowngravel.com
kreditkarten-optionde.com
6888tlbb.xyz
albertakleekai.com
travelnurseinfofinder3.life
valleyinnswat.com
secure-remove-devices.com
digitalswamy.com
www112casinova.com
medifasttrd.com
distritoxermar.com
ebwagner.com
biworker.com
0571kt.net
mjuelaw.com
buildlimitlesswealth.com
wbclips.com
session.care
museatthemill.com
pjhxsl.com
momentums6.com
electricbike.energy
accommodations.network
libroskolibris.com
sejintech.net
parkchestergardens.info
gndgame.info
arcwarp.com
aboveallonline.com
dinotacker.com
ufc188livestreamfree.com
saulomar.com
atmworldexpo.com
chooox.com
admissium.com
dacdem.com
oneruk-chandeliercleaning.com
oyster-iot.cloud
mutinybrewworks.com
yaoih.com
dmitchellpropertiesllc.com
nuoicaymosaigon.com
peacockgotv.com
nextr.xyz
bidvastil.com
shahanhan.com
goodlordy.net
banlyeojob.com
tasteatlus.com
ecotone-os.xyz
urbanartco.com
drecibo.com
davegwatkin.com
pharmiva.net
accordingtopreston.com
blizzardboy.net
Targets
-
-
Target
SecuriteInfo.com.W32.AIDetectNet.01.1501.6790
-
Size
382KB
-
MD5
69179c129ec075bdad74d208e7514f7e
-
SHA1
255fbb79b1d201a02d1e905619aa79925d9499f7
-
SHA256
0ab8978869103e7594108e31a46cb1c7e62cb47ad44ab930fc17ccc2fb57daea
-
SHA512
c4f263758bc90a148e41a72fd10e7592622fa19f45b16cd2db973c6d37b66af53d7200ba9502137013d8517a258b1d5ed85a68aafbda16877aee1294d80a43ab
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-