General

Target: btweb_installer.exe.vir
Size: 513KB
Sample: 220620-vryz7aabc3
MD5: 36ea1b51442def28b8c127f7d9e386a5
SHA1: 00fac6353533794c5f4ef8ea08082974241f4841
SHA256: 8ecf3a66141bdd66b2ba8201bb1fedbbbde5c4e5710b99ba2e1d523ad49011a1
SHA512: e8222956b4a5ea2964e9aeec6107738c213145e24593f1efc2c97aff9fb19f16f863ff202c25251e4fe7c527684bc03de19634deee42a02202238de1fcd8d15c
Static task: static1
Behavioral task: behavioral1
Sample: btweb_installer.exe
Resource: win7-20220414-en
Malware Config

Extracted

Family: xloader
Version: 2.6
Campaign: b6qc

Domains (the extracted list mixes the live C2 with decoy domains; treat every entry as an indicator, but do not assume each one is attacker-controlled):
etofood.com
bigtimberroofingnc.com
jacque.doctor
9588uy.site
nosceremonies-lefilm.com
xposetattoosjaipur.com
universalwebbinq.com
klthealthfrancesarl.com
tinyhome.deals
neroivr.com
floridaappeals.net
vladartsmith.com
chatbothealthcare.com
akutansi.online
appointmentcart.com
vertue.xyz
healthplanslakeland.com
es-verification.biz
thatsod.com
521ini.xyz
tarjeteala.store
qamst.com
solutionard.com
ru-xvideos.mobi
resco-pe.com
betmonde581.com
mortgagethru.com
agrimin.store
cateringwarszawa.online
ip-art-gallery.com
rajfillters.com
biwbuyingnow.website
farmdogcanada.com
sdsgmsqnlxs.com
fa1028.xyz
flyvr.xyz
e-lovac.com
creambuyonline.com
payment-travel.com
qfort.xyz
blueskycr.com
plasterprostucco.com
frontflipmarketing.com
jsq2.com
billsweb.site
huafeishiye217.com
pegtarazimod.info
emergencytowingoakforest.com
ptzcnq.com
cd-packaging-solutions.com
faqelectronics.website
xynf03.com
quititamorn.com
nownon.com
dachik.com
hendrecords.com
ready4charging.com
warnor.world
www6658yy.com
scentedejuice.com
goonerfodder.com
outcastclass.com
esmicasasv.com
peopleshous.com
cloudinfra-demo1.net
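To make the extracted config above usable, the following Python script parses the flattened "family / version / campaign / domains" block into structured IOCs, defangs the domains for sharing, checks a local file against the hashes listed in the General section, and emits one Suricata DNS rule per domain. This is an added example and not part of the sandbox report or of any Triage tooling; the `REPORT` text is a constructed excerpt that repeats only a few of the page's domains, and the SID range `9000000+` is an assumption you should replace with your own allocation.

```python
"""Turn an extracted Xloader config into machine-usable IOCs (added example)."""
import hashlib
import json
import re

# Constructed excerpt of the report's "Malware Config / Extracted" block.
# Only a handful of the page's domains are repeated here.
REPORT = """\
Malware Config
Extracted
xloader
2.6
b6qc
etofood.com
bigtimberroofingnc.com
jacque.doctor
9588uy.site
cloudinfra-demo1.net
"""

# Digests as listed in the report's General section.
REPORT_HASHES = {
    "md5": "36ea1b51442def28b8c127f7d9e386a5",
    "sha1": "00fac6353533794c5f4ef8ea08082974241f4841",
    "sha256": "8ecf3a66141bdd66b2ba8201bb1fedbbbde5c4e5710b99ba2e1d523ad49011a1",
}

# Loose hostname check: at least one dot, label characters only.
DOMAIN_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$", re.I)


def parse_config(text):
    """Parse the flattened block: the three lines after 'Extracted' are
    family, version and campaign; every following hostname is a domain."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if "Extracted" not in lines:
        raise ValueError("no 'Extracted' marker in report text")
    start = lines.index("Extracted") + 1
    family, version, campaign = lines[start:start + 3]
    domains = [ln.lower() for ln in lines[start + 3:] if DOMAIN_RE.match(ln)]
    return {"family": family, "version": version, "campaign": campaign,
            "domains": domains}


def defang(domain):
    """Bracket the dots so the indicator cannot be clicked or resolved by accident."""
    return domain.replace(".", "[.]")


def compute_hashes(data):
    """MD5/SHA1/SHA256 of the bytes, keyed like REPORT_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data, expected=REPORT_HASHES):
    """True only if every listed digest matches; one mismatch fails the check."""
    actual = compute_hashes(data)
    return all(actual[name] == digest.lower() for name, digest in expected.items())


def suricata_dns_rules(config, sid_base=9000000):
    """One exact-match DNS query rule per domain (Suricata 5+ 'dns.query'
    sticky buffer; 'bsize' pins the query length so 'notetofood.com' does
    not match 'etofood.com'). sid_base is an assumed, locally chosen range."""
    rules = []
    for i, dom in enumerate(config["domains"]):
        rules.append(
            f'alert dns $HOME_NET any -> any any (msg:"{config["family"]} '
            f'{config["version"]} campaign {config["campaign"]} DNS query {dom}"; '
            f'dns.query; content:"{dom}"; nocase; bsize:{len(dom)}; '
            f'classtype:trojan-activity; sid:{sid_base + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    cfg = parse_config(REPORT)
    print(json.dumps({**cfg, "domains": [defang(d) for d in cfg["domains"]]}, indent=2))
    print("\n".join(suricata_dns_rules(cfg)))
    # Constructed bytes stand in for a file you would read from disk.
    print("hashes match report:", matches_report(b"constructed stand-in, not the installer"))
```

The exact-length rules deliberately do not fire on subdomains of the listed hosts; if you want that coverage, add a second rule per domain with a leading dot and `endswith` instead of `bsize`. When checking a quarantined file, read it in binary mode and pass the bytes to `matches_report`; any single digest mismatch means you are not holding the sample this report describes.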
Targets

Target: btweb_installer.exe.vir
Size: 513KB
MD5: 36ea1b51442def28b8c127f7d9e386a5
SHA1: 00fac6353533794c5f4ef8ea08082974241f4841
SHA256: 8ecf3a66141bdd66b2ba8201bb1fedbbbde5c4e5710b99ba2e1d523ad49011a1
SHA512: e8222956b4a5ea2964e9aeec6107738c213145e24593f1efc2c97aff9fb19f16f863ff202c25251e4fe7c527684bc03de19634deee42a02202238de1fcd8d15c
Network alerts:
suricata: ET MALWARE FormBook CnC Checkin (GET) (the ET rule keeps the FormBook name; Xloader is the successor of FormBook and uses the same check-in pattern)

Signatures:
Xloader Payload
Adds policy Run key to start application (persistence under ...\CurrentVersion\Policies\Explorer\Run)
Blocklisted process makes network request
Deletes itself
Adds Run key to start application (persistence under ...\CurrentVersion\Run)
Suspicious use of SetThreadContext (typical of process injection, where a suspended thread's context is rewritten to run the injected payload)