General
-
Target
1bec941f244d3f69b90f2b3166509ccffdfb11959003f53c1ef097beaf4a0969
-
Size
303KB
-
Sample
220621-jbhgqacbfr
-
MD5
bef72eb124931f8e96965b4e5062605c
-
SHA1
f2f7fb4c3c0d130dfec7ede1efa1b5187b759ede
-
SHA256
1bec941f244d3f69b90f2b3166509ccffdfb11959003f53c1ef097beaf4a0969
-
SHA512
3d8dd5304f53744a82ab9d01e98bdf776dab77507255f81c1a9d377c3a56c440a5c69b01de7dc7d24671a6b287b9a7cc9a57828ffa371b09f22ea0203ca4556a
Static task
static1
Malware Config
Extracted
xloader
2.6
mt88
syzbf32.xyz
pertlines.com
vybaveniprocyklostezky.com
elianmsalas.tech
a-snag-tokei-kaitori.com
tuvistaing.com
whoyoucall.net
l8e9gr.xyz
sophrologuemontevrain77.com
ciclean.com
the-roel.com
campgreencove.com
foremostbookkeeping.com
zamanscorner.com
efeturozemniyet.com
penelope.team
murata.life
solfuls.com
tradefitinvesting.com
skinbid.pro
hongyanwulei.com
aifconference.com
happinesssangha.com
microw0rker.com
agcompanion.com
renovacg.com
sisterfuckers.info
bigrockhuntingpreserve.com
loudbodies.info
hcr.store
000006138.com
ganitvigyan.com
libmananforum.xyz
bastianrob.xyz
leafybooster.com
65ratubh3j5fi.xyz
8id9pl8944ktb.xyz
designerinfotech.com
prmainey.com
5092377.com
mayascleanservices.com
selectendeavor.com
qxu0l1pgl9jm1.xyz
yanpoake.com
constructiongst.com
wwwfreemovies2021.com
norsgaard.net
raytan5.com
electricsemiloans.com
modernworklabs.com
sodapins.com
scwsav.com
ihrorg.com
vvv223.com
sofanemphuyen.com
zaqv40.xyz
verdure720.com
mysitetutorial.com
tur-advocates.com
vistadocs.com
kosodate-tiger.com
micahlinacero.com
nusires.com
ardtalscase.com
mariafonsecafreitas.com
Targets
-
-
Target
1bec941f244d3f69b90f2b3166509ccffdfb11959003f53c1ef097beaf4a0969
-
Size
303KB
-
MD5
bef72eb124931f8e96965b4e5062605c
-
SHA1
f2f7fb4c3c0d130dfec7ede1efa1b5187b759ede
-
SHA256
1bec941f244d3f69b90f2b3166509ccffdfb11959003f53c1ef097beaf4a0969
-
SHA512
3d8dd5304f53744a82ab9d01e98bdf776dab77507255f81c1a9d377c3a56c440a5c69b01de7dc7d24671a6b287b9a7cc9a57828ffa371b09f22ea0203ca4556a
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
Xloader Payload
-
Adds policy Run key to start application
-
Suspicious use of SetThreadContext
-