General
-
Target
NEW PO 87910219.exe
-
Size
622KB
-
Sample
220621-gxledsebg2
-
MD5
7d134d7411132c648a3e8c96b6512ddb
-
SHA1
ac36a8371466aa2cc72dd8de3d82c8ee79223358
-
SHA256
6754c12fc6c245becc9c5104eb4c130ee31217a4a8cdee324f468c2c26b4e051
-
SHA512
e27e1ad2543efead629e66a580be1cf4a8712c695d2d778c55cc93c6b3c870dd680040f318f1309f0d685352da5bfae8797fa02aa1f4cf8a1a07aeb7e4cc0550
Static task
static1
Behavioral task
behavioral1
Sample
NEW PO 87910219.exe
Resource
win7-20220414-en
Malware Config
Extracted
xloader
2.6
be3s
aoxaswa.info
souplab-graphic.com
churchontheisland.com
spclassic-cars.com
stanford-edu.club
heydowm.online
chattanooga-electricians.com
sectsk.com
cxg98.com
buildafricaonline.net
buydogcoin.com
vsst247.com
lodgelastrancas.com
ainonaho.com
griousndwarehsftyfs.xyz
voltagestabilizersupply.com
xn--79q565dzfex9hg81b.com
isrvr-ccrforum.info
chitiandi.com
criticaldisco.com
fxivcama.com
martinsalas12.com
stellar3.xyz
positivistapproach.com
drivecheckeredflagcdjr.com
ejxsj.com
vegastrader.net
srivedafireandsafetysystems.com
ssmrmt.com
alexander-stuart.com
bill-tj.com
ctgteams.com
gossipnode.com
c431s.com
kelleysheartinart.com
rusucatalin.com
beautifulcreativeconcepts.info
hongyanwulei.com
lhab.xyz
gpzdd.com
dailyprizes-2022.site
hollafashions.com
gecharity.com
villagegram.com
davisesinthesmokies.xyz
webandsundry.com
setthetonenyc.com
bayu122.com
lajollabella.com
ghazalceramic.com
soft-iwacu.online
haksography.com
karise.life
promobilelist.com
respecttheroyalty.com
17500teraholland.com
giraffeemarketing.com
canyouseelouise.net
watchur6.com
eqaq-tvzurp.xyz
onlinecumpar.com
watchdiving.com
austriatourguide.com
kavun2.xyz
mpmidea.com
Targets
-
-
Target
NEW PO 87910219.exe
-
Size
622KB
-
MD5
7d134d7411132c648a3e8c96b6512ddb
-
SHA1
ac36a8371466aa2cc72dd8de3d82c8ee79223358
-
SHA256
6754c12fc6c245becc9c5104eb4c130ee31217a4a8cdee324f468c2c26b4e051
-
SHA512
e27e1ad2543efead629e66a580be1cf4a8712c695d2d778c55cc93c6b3c870dd680040f318f1309f0d685352da5bfae8797fa02aa1f4cf8a1a07aeb7e4cc0550
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-