General
Target: SecuriteInfo.com.W32.AIDetectNet.01.17604.15051
Size: 269KB
Sample: 220620-r8qhlaeahk
MD5: 19861d87fe26d68455c99bf2f9bbcbd4
SHA1: a6564b4d40554302eaf5b268c1b68ee782106e7f
SHA256: d633761b804b67c96b1b53eef2bc4be89542c95406882f35d2dc12ef24f35885
SHA512: a5abc67d06658f274349f2666ddcda250b53bc488f989553bbd2fc9daac95e828584b62df17627042771cce91e6f871db30d22e29e70fb1b16ea6b3b23ded46b
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.W32.AIDetectNet.01.17604.exe
Resource: win7-20220414-en
Malware Config
Extracted: xloader 2.6 qnse
Domains:
sowellpowertask.site
vitoramsden.site
northaugustaliving.com
meowpawr.com
rockmore.store
luxurytomato.com
jjlbyl.com
cryptonewsmalaysia.com
mylichy.site
apisource.net
soulisouwai.com
smmstreet.com
adevopsisyou.com
unitedairgunners.com
imgcinfo.com
emiratesentrypass.com
flarefashion16.club
vacationtrip.xyz
hotupdatenews.com
nekomedeblog.com
prodentaglobal.com
hisaronlinestore.com
gmbitsolutions.com
dreamloveclub.com
xn--12cl4d6ahw8cr.com
safefastb.xyz
zjplj.com
orioncyberinternet.com
djb333.com
activitiescores.online
sristiagrofarms.com
zenithph.com
dg-bssj.com
timenagoya.com
seminuevosk.com
pingshopping.com
northgatevillageapartments.com
darrickstewart.com
playhouse88.club
cristiantorres.online
alpeczanesi.xyz
splitipay.com
homeforent.xyz
chemiststratus.com
triunfoconstrutora.com
chaimafia.com
tbrhash.com
address-update-team.com
10499huntinghills.com
shoulieqicai.com
votewithyourtweet.com
jumeisg.com
sigmaprojectx.com
exploringwithsamantha.com
petatothemon.com
yellowtoned.com
hotmessinprogress.com
retrobet.one
nhitcore5.com
moringa-360plus.com
indobetway888.net
bar-clicks.com
aiflowcrm.com
xn--chq9on3ijr3a3z2a.com
neo-dance.com
Targets
Target: SecuriteInfo.com.W32.AIDetectNet.01.17604.15051
Size: 269KB
MD5: 19861d87fe26d68455c99bf2f9bbcbd4
SHA1: a6564b4d40554302eaf5b268c1b68ee782106e7f
SHA256: d633761b804b67c96b1b53eef2bc4be89542c95406882f35d2dc12ef24f35885
SHA512: a5abc67d06658f274349f2666ddcda250b53bc488f989553bbd2fc9daac95e828584b62df17627042771cce91e6f871db30d22e29e70fb1b16ea6b3b23ded46b
Signatures:
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
- Xloader Payload
- Adds policy Run key to start application
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext