General
Target: SecuriteInfo.com.W32.AIDetectNet.01.29790.29870
Size: 306KB
Sample: 220621-qwsxhsgae9
MD5: 0e27675635ef7e5475326e19d137b6a3
SHA1: 25c0dfa8e0039284cea4712acbb792fda42b2840
SHA256: 60e52790f183036e12c61a0f9eb0cec90e757f8e862a9a49144849b9ceffb1c3
SHA512: ab35053db7b0f042afd40706f7ba9ea425e2f93e518571b84850ecd010408b227b52c9accee4a536721a88d985a1703f2de757ceb61e49932a3ad8393ea1417d
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.W32.AIDetectNet.01.29790.exe
Resource: win7-20220414-en
Malware Config (extracted)
Family: xloader
Version: 2.8
Campaign: r8f2
Targets
Target: SecuriteInfo.com.W32.AIDetectNet.01.29790.29870 (306KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
Xloader Payload
Suspicious use of SetThreadContext