General
-
Target
New Vendor Reg.jar
-
Size
386KB
-
Sample
220616-pzmz1ahfa7
-
MD5
66519abb5dc73481091d07984fa9255a
-
SHA1
51995ee518076e92b84b71497e576a31a28b96db
-
SHA256
4ca97145822fa092ef34388318a1d302687a094ce96394bfaa67ecf92f5856d9
-
SHA512
cb0a9f6a9ee9a5f973ae7a7f69638184454a79ebbb097ca1795012704a2624685ccf9449196bca40e85e6639c518fee629145cc0b0be931aba9f6a400f6a8e50
Static task
static1
Behavioral task
behavioral1
Sample
New Vendor Reg.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
New Vendor Reg.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
xloader
2.6
ne5f
Targets
-
-
Target
New Vendor Reg.exe
-
Size
848KB
-
MD5
bbbf08949b4ca357104450ab5683729f
-
SHA1
25513c4e48d250b9f6687629cc4d41201bdbecda
-
SHA256
d9be4c80cc0be31124f4c9f835624a76317f4c0028cbf2188f311df2d325c324
-
SHA512
9860e6cbe1aea1fe860dd58bd916071ec76488d0a8877f0bbce7b05e683f02838c1e8c85b1293cad2ba205c8647ceafee41dd2a011e86df79be7b5e525e423b3
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
ModiLoader Second Stage
-
Xloader Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-