General
Target: 1
Size: 60KB
Sample: 220621-pzlf6sdedm
MD5: f86865bc1b7e91e8e07d2a886682a772
SHA1: a496236c6d15ea25bca7afc6b0656fc1d1a78779
SHA256: fb3720f555a4f24cbbb34901d750d439d9b56d7336e6d6a187dde5a723fc50ca
SHA512: dc91a2706c49807575716a797aed3186259b0274b48f08202b9f66892a76d4cd4016419b454df4c3b768ae68e343524758d63e0e0af33f89d4f86f8e2dabd8db
Static task: static1
Behavioral task: behavioral1
Sample: 1.exe
Resource: win7-20220414-en
Malware Config
Extracted
xloader
2.8
uem3
AKGB4wSx6J+2x1WgKQ==
54dc0yNdRnO/FCSAQeL+Tp0=
ZRLkrEHNZ1d1yg==
mubhdcr1EugF/who
GKVThpCZVtY9m+c1Fos=
nkctk6m82Pno8fVf1ydrfAATjEJvRDxWwYwVjxGMIA==
pvFvmLjefiJ5IWvPaWSZKCk4
L7Vhm+sduit68jRIH4k=
hL6j/yJOaBqxEBE=
0ehJg24Ot+O6+glq
fLuQ9QUfvhqxEBE=
kj8Tk+ks8qO0BjegJAVIRvzyF7hxyblXhHMLjxGMIA==
fbEsS1zjAndVOUuKJh2HnGWtnmQg
CrSJBiq9FEgbO3iXjYHq
349o4SvGd6ONa4baf26ZKCk4
f703eo4Wud/r5v9BL+L+Tp0=
OFi0/02FMpps+gg=
+jsvlbdP/aqW1gY=
ZpHdFzM396f6oDRIH4k=
YWfAF3GfNaPzWVnHTTSEkmOtnmQg
CZVBhKgc4grz9fto2R5ov+PcYA==
7JOBHk3nfJhvmds2xB5sv+PcYA==
ZxfuW2XzgG5VX3/LYEWXpIT135I5
FLVgjpulr5/2puIupeL+Tp0=
wQrpacJkFhC6+glq
eL43YoCFp8NkmJr1x6Di
XrYnP0O12ImOcomXjYHq
Y4nnLn4k6BG6+glq
tcuAuSa/Z1d1yg==
duqTGkVfIph60ihDJoP9
ntJBkNh1APjX6z2MXrILFAU8mULObCcbkCxl
oK1fAVYIevDMx1WgKQ==
4RHAYn/5zPjX5OQ/wxFPXdn2UOiBu7TLZovxPk8=
xFImK3mlS+igkqTwgW2ZKCk4
6i6Qm7fZoXbUeLsGuINHwq6v/KUo
TIFJUwbLZ1d1yg==
+ECp5ACQS3FtZniXjYHq
dioIc46oahVpx1WgKQ==
8xzZX4D2xB984N8+peL+Tp0=
bbCVFjQ1Yo16nu4L7bT3Qigw
k8UxU20JoIR3x1WgKQ==
/KJ+3feKkCeC/e0L7bT3Qigw
6BPISWz4tu5/FxdvPRp6v+PcYA==
Gse0Q5Au7CI3QUGIWDdyh1F4wVgldRtI
HEat3ezznTHg/kWkW2aZKCk4
bq909DRQaBqxEBE=
Mz+g7T91JM1SxtUXCwJmbN3jWh7KcygbkCxl
3zi15PV2Z1d1yg==
0e+mJXcsTO5f7jRIH4k=
3h0Wna898hUACw9iOCCDhO6nBgXu+68=
YJP9Q5lcbAVh/0qbJbUOZKp6q20i
QGnY+iHJXHVhsfZlLaz8+0EwoUB5ZV5un7pJhA==
nUErvdhLcw5w9ABkNuL+Tp0=
6pkkaYOFJp+yx1WgKQ==
A52BD1TzBqq9x1WgKQ==
5wWvJTw7Bq0MN3LmPg==
7inwZXWOWtMndMAQ4vsuMA==
QdGHq9HvZ1d1yg==
r1UGS5i3SbL+fojix0O1tJCq7qVi6plUdA==
E8OmGDZb8YY9Yam7nI/z
B01E2BaVNk4hA/9uM+L+Tp0=
wNU6UmQLt9/mQX2hoPEeNQ==
rFU2l6WRWwsOV6+9f90bJpE7aA==
7p1biaA8A6qL0w==
progestionsoftwares.info
Targets
Target: 1
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
- Xloader Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Suspicious use of SetThreadContext