General
Target: tmp
Size: 510KB
Sample: 220620-wvxrzabeg4
MD5: f4d2e38d770585564ad341312df5878b
SHA1: 11de5c089ffad75ec2322d5a45e869f8340b651a
SHA256: 28ce8117bb43173598827978edede21b263bf7e432fb4c2602ca3e6f1032a236
SHA512: 89ee06b556c4c9bcfe07654909578b24d2183c67617c5bc67a2769efba9ebf15f34f975dfbdf7620d680737a9f03fdfe2c0663a16c49484d58708dcb266d201f
Static task: static1
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20220414-en
Malware Config
Extracted: xloader 2.6 ip4t
Targets
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext