General
- Target: 7575486141.zip
- Size: 598KB
- Sample: 220616-xk1asabbh8
- MD5: 7a3158853463bd08fc2fb5801278f80e
- SHA1: 1e269fb699a6f625f81c35baa98b3fc76659ad0a
- SHA256: 4a658f2a54f6bd1df3d6ef682eac82e7084a293438169af6f9f1f5dd288b3c53
- SHA512: 73038ed0e590b583005273b0617b3f6a277fb4c1cd1efd64455b07a0b3665ae9e8f4d57b659ec375e7f89747f51835713faf59d8453c1674990b1334b425d05e
Static task: static1
Behavioral task: behavioral1
- Sample: 59ff552836be62fb7a7bac7967eb15c7e47b40c23d57c05b2183d819535f556d.exe
- Resource: win7-20220414-en
Malware Config
Extracted
xloader
2.5
apju
fbqxzz.icu
kinokosuke.com
psychosoziale-beratung.com
covermydreamhome.com
livingartpodcast.com
simonavallone.com
spaedymafra.com
royzoom.com
classiccuisinetci.com
itechnology.tech
range4tis.com
rehab-infoweb.net
rebeccawsapp.com
azenkabestmid.info
change0913.com
efilux.com
aprendesobre.com
relokators.com
reditastore.com
3424soldbastrophwy.com
all4you.men
mgnkzh.com
t-m-gori.com
ouidles.com
sayangki.com
bloshmedia.com
skidcity.com
paypal-caseid398.com
holdvfind.store
jinlisting.us
sneakervergelijken.online
playsigaretta.xyz
qdecucar.com
wwwfreedom55financial.com
vertexwebdesign.us
nextgenerationandalucia.com
carton.tools
beepollen.xyz
gghdhgfhdfg.com
4ngho.info
jenningsads.com
shanxincn.com
zeewebgraphics.com
vianaeucaliptos.com
searchlink7.com
startbusinessinuae.com
imagepixo.com
changeproduct.store
mintinghumans.com
bizomarketing.com
chamberlalngrp.com
gravityforcesportsnutrition.com
dayinsousse.com
mrcialis.online
hollidrinkscoffee.com
cjdrgreatfalls.com
fastbest.host
peo-sending.com
lacolinadelcanario.com
jumeihunli.com
bestwlz.com
sapinou.com
bai2010.com
adamson-fire.com
sattadelhiborder49.xyz
Targets
- Target: 59ff552836be62fb7a7bac7967eb15c7e47b40c23d57c05b2183d819535f556d
- Size: 976KB
- MD5: 234b20b7f7acc532a7dba7ec66975eb0
- SHA1: 19fe0a1987868f24a54cfc5214c509cff9f8691e
- SHA256: 59ff552836be62fb7a7bac7967eb15c7e47b40c23d57c05b2183d819535f556d
- SHA512: 33ca4aab26bde5e3e83a28f6531b778e48ebfec90f3118b7938c3abd849169ac74a4d586f76f51bd07254fca52fa283705720ae103ad3d848c5fc90c32db11c3
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Blocklisted process makes network request
- Suspicious use of SetThreadContext