General
Target: 92c2a317c5f1340fe40e847fd4a290b5.bin
Size: 227KB
Sample: 220621-dgslzshghl
MD5: 92c2a317c5f1340fe40e847fd4a290b5
SHA1: 20e4237c39443b999e176caaa799a9c840416934
SHA256: 967e80c11920ba196e5be5fa18e8df97cb351d12c7c219fe95ff644d29742c92
SHA512: 55196962ba58b27f06fba8e482675a6e5d876a0edfd7fd4e7846c5020dda27c3c49e9fa725b56406438ca21a8847b82dad7a656f8a1c16c4f9017cb446dedf60
Static task: static1
Behavioral task: behavioral1
Sample: 92c2a317c5f1340fe40e847fd4a290b5.exe
Resource: win7-20220414-en
Malware Config
Extracted
xloader
2.6
tchu
Targets
Target: 92c2a317c5f1340fe40e847fd4a290b5.bin (227KB; same MD5, SHA1, SHA256 and SHA512 as listed under General)
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
Xloader Payload
Blocklisted process makes network request
Suspicious use of SetThreadContext