General
-
Target
7.exe
-
Size
732KB
-
Sample
220616-qahveshga4
-
MD5
6597a0fbd9b2ee3bcf4a801fe4b69ae0
-
SHA1
6f5bd5f70bc21389c4d9ba4870bb8d4f97983a06
-
SHA256
57023cbc586b92ef899c3299c174c2689ba5b5e6e970976adde29d9977be9ddb
-
SHA512
377ed8daa7d35792babd744f3065db6cc92f6f4c352fab595b9f01598b43796183d635234cc49dcac88188a1816fdede39bb8c06efd515e1158170f5947ec3b4
Static task
static1
Behavioral task
behavioral1
Sample
7.exe
Resource
win7-20220414-en
Malware Config
Extracted
xloader
2.6
uj3c
copimetro.com
choonchain.com
luxxwireless.com
fashionweekofcincinnati.com
campingshare.net
suncochina.com
kidsfundoor.com
testingnyc.co
lovesoe.com
vehiclesbeenrecord.com
socialpearmarketing.com
maxproductdji.com
getallarticle.online
forummind.com
arenamarenostrum.com
trisuaka.xyz
designgamagazine.com
chateaulehotel.com
huangse5.com
esginvestment.tech
intercontinentalship.com
moneytaoism.com
agardenfortwo.com
trendiddas.com
fjuoomw.xyz
dantvilla.com
shopwithtrooperdavecom.com
lanwenzong.com
xpertsrealty.com
gamelabsmash.com
nomaxdic.com
chillyracing.com
mypleasure-blog.com
projectkyla.com
florurbana.com
oneplacemexico.com
gografic.com
giantht.com
dotombori-base.com
westlifinance.online
maacsecurity.com
lydas.info
instapandas.com
labustiadepaper.net
unglue52.com
onurnet.net
wellkept.info
6111.site
platinumroofingsusa.com
bodyplex.fitness
empireapothecary.com
meigsbuilds.online
garygrover.com
nicholasnikas.com
yd9992.com
protections-clients.info
sueyhzx.com
naturathome.info
superinformatico.net
printsgarden.com
xn--qn1b03fy2b841b.com
preferable.info
ozzyconstructionma.com
10stopp.online
nutricognition.com
Targets
-
-
Target
7.exe
-
Size
732KB
-
MD5
6597a0fbd9b2ee3bcf4a801fe4b69ae0
-
SHA1
6f5bd5f70bc21389c4d9ba4870bb8d4f97983a06
-
SHA256
57023cbc586b92ef899c3299c174c2689ba5b5e6e970976adde29d9977be9ddb
-
SHA512
377ed8daa7d35792babd744f3065db6cc92f6f4c352fab595b9f01598b43796183d635234cc49dcac88188a1816fdede39bb8c06efd515e1158170f5947ec3b4
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
ModiLoader Second Stage
-
Xloader Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-