General
-
Target
PO 87910219.exe
-
Size
617KB
-
Sample
220617-ewx1pache3
-
MD5
9bd3caa7036364de2477a63affbfc680
-
SHA1
f79011981755e4bec658a0229676e37e36438818
-
SHA256
774e7baca6802b4d8cf3df0fd6162e1bac6dbfb5a4e50f09bc2d7c9e166b285e
-
SHA512
c85b1af5a78a880ea4441473a80814954057a8e3834bfe7396722989859769d1fb623e1f8c79efb6919576b8255cde99c81acbb24fa82f6d00cccb4e5731c046
Static task
static1
Behavioral task
behavioral1
Sample
PO 87910219.exe
Resource
win7-20220414-en
Malware Config
Extracted
xloader
2.6
ssmm
bhealthybu.com
formasyonlar.com
huddleadvising.com
iroofer.net
pokerisparadise.com
partnrsocial.com
omnixinity.com
sandibet.biz
xxxpool.xyz
mainsuranceagency.com
filipkaarrtofffers.online
txgongsi.com
bonasuplementos.com
sxp89app.space
grandeurjewelryph.com
productsorcerer.com
mrussellhandyman.com
igorstelea.com
cateraevents.com
yashaswistudio.com
stuy.top
canadianpharmacyonlinesrvh.com
sellmorecrm.com
chinadoorexpo.com
southlandfiltration-au.com
bca-landing.com
pinetreemusicclass.com
sandboxes.biz
executiveparkfly.com
ourfutures.biz
cqxcfn.com
gruberhome.com
wildbluewonder.net
6675fh.taxi
krnl.xyz
gilmaria.com
riku.agency
smonique.com
lrlbgruchi.quest
chwrell.com
triumcyber.com
bigtimetickets.com
arthashasthra.com
abs-traders.com
brownhorsecoffee.com
iaintgotish.com
lanhodiep247.com
caitlinmemorial.com
thefatreview.com
upchurchconcertmerch.com
prestaservices34.com
longnanjrq.com
mechaotherside.land
gennieclean.com
xzgtgg.com
furunhasan.xyz
timmarriottinsurance.com
its-my-pleasure.com
xviseos.red
combatiq.info
moncelebrantdemariage.com
yukselercanmedyagrup.online
zillionsband.com
radicalmalls.com
g2r5v2pp.xyz
Targets
-
-
Target
PO 87910219.exe
-
Size
617KB
-
MD5
9bd3caa7036364de2477a63affbfc680
-
SHA1
f79011981755e4bec658a0229676e37e36438818
-
SHA256
774e7baca6802b4d8cf3df0fd6162e1bac6dbfb5a4e50f09bc2d7c9e166b285e
-
SHA512
c85b1af5a78a880ea4441473a80814954057a8e3834bfe7396722989859769d1fb623e1f8c79efb6919576b8255cde99c81acbb24fa82f6d00cccb4e5731c046
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Adds policy Run key to start application
-
Deletes itself
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-