General
Target: a2a48356b9f67cfc32424666d11a2ad1
Size: 642KB
Sample: 220621-rtr3waebcj
MD5: a2a48356b9f67cfc32424666d11a2ad1
SHA1: fbc8e7b480daf82c758c94b69eb9aa33906a2846
SHA256: f1db2014fedc5f46bcf82be2d824a6c2e25c9e5d3405b65efad866a3ddee1bec
SHA512: 0c9031f83087b2673d2e35231a098cb4742717fc33e8a84ef56e1d1abeefa9cea3ad95fbf07649c0285441f7d40c1e3f6994f296a951411e72e2c9fa4087b311
Static task: static1
Behavioral task behavioral1: 09876545678909876.pdf (win7-20220414-en)
Behavioral task behavioral2: 09876545678909876.pdf (win10v2004-20220414-en)
Behavioral task behavioral3: RtYQG0987654567890XK.exe (win7-20220414-en)
Behavioral task behavioral4: RtYQG0987654567890XK.exe (win10v2004-20220414-en)
Malware Config
Extracted family: xloader
Version: 2.5
Campaign: q2au
C2 domains (65):
chassere.com
servpro11517.com
sfgm.xyz
addesbarst.quest
promotion.moe
946acg.net
lightwalkco.com
linkclose.com
dm-natural.com
formuladreamz.com
visitnewrichmond.com
modelahs.com
emulging.com
citifiedbrandinghub.com
meyerranch.realty
bhs-online.com
ai-technology-online-ru.digital
lendsoar.com
dryelm.com
farmchikllc.com
imilecarpentry.com
serviceexit.club
tracydrivasrealestate.com
ebusinessdesignsolutions.com
idst-tvtower.com
royalmagg.com
veloci-cloud.net
houstoncustomglass.com
jhpig.com
brianismysfagent.com
artscience.xyz
oliverchilde.top
packnrun.review
internetproshops.com
nargileladiko.xyz
monkeymisfits.com
dramagosnieto.com
ministrymattersmagazine.com
gpartinvest.com
ktnsingle.xyz
recoverysupportnetwork.net
recbi56ni.com
uncoverthesecrets.com
carcharginginstaller.com
incomeimprove.com
collaborativelivingllc.com
imtokenu.net
relatinpcr.online
hellenburg.net
lsktz.com
skyrangersfoundation.com
texascollegecosmetologyatx.com
brisktor.com
max-henry.com
jspagnier-graveur.com
aichuangluan.com
luckydrawprogram.com
sbi-us-ga.com
nativeamericandoctor.com
organicpineneedle.com
stashine.com
toyotariba.com
swmoficial.com
vwdtransportllc.com
laman-7sdnbhd.com
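The domain list above is the part of this report a hunter actually reuses. As an added example (not part of the sandbox report or its tooling), the Python below parses the extracted config, normalises the domains, and matches them against constructed DNS and proxy log lines; matching subdomains (www.chassere.com) while rejecting look-alike names (notchassere.com) is the edge case it handles. XLoader, like FormBook before it, embeds decoy domains alongside the live C2 and contacts several of them, so the block also flags clients that touch several config domains rather than treating any single hit as proof. Only the first ten of the 65 domains are pasted in to keep the block short; the log format, the client addresses, and the assumption that the campaign token (q2au) appears as the first path segment of a GET check-in are all constructed or assumed for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed copy of the extracted config above: family, version, campaign,
# then one domain per line. Only the first ten of the report's 65 domains are
# pasted here; paste the full list in to hunt with all of them.
XLOADER_CONFIG = """\
xloader
2.5
q2au
chassere.com
servpro11517.com
sfgm.xyz
addesbarst.quest
promotion.moe
946acg.net
lightwalkco.com
linkclose.com
dm-natural.com
formuladreamz.com
"""

# Constructed DNS/proxy log lines for the example, not traffic from the sandbox run.
SAMPLE_LOGS = """\
2022-06-21T10:02:11Z dns client=10.0.0.5 query=www.chassere.com type=A
2022-06-21T10:02:12Z proxy client=10.0.0.5 method=GET url=http://www.chassere.com/q2au/?8p=abc
2022-06-21T10:02:15Z dns client=10.0.0.5 query=SFGM.XYZ type=A
2022-06-21T10:02:16Z dns client=10.0.0.5 query=promotion.moe type=A
2022-06-21T10:03:01Z dns client=10.0.0.9 query=notchassere.com type=A
2022-06-21T10:03:05Z dns client=10.0.0.9 query=mail.example.com type=A
2022-06-21T10:04:40Z proxy client=10.0.0.9 method=GET url=http://cdn.example.com/static/app.js
"""

# Bare hostname: dotted labels of letters/digits/hyphens, alphabetic TLD.
DOMAIN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

# Assumed log shape: "<ts> dns|proxy client=<ip> key=value ...".
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<kind>dns|proxy) client=(?P<client>\S+) (?P<rest>.*)$")


def parse_config(text):
    """Split the extracted config into family/version/campaign and a normalised domain set."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    family, version, campaign, *domains = lines
    norm = set()
    for d in domains:
        d = d.lower().rstrip(".")
        if DOMAIN_RE.match(d):  # drop anything that is not a bare hostname
            norm.add(d)
    return {"family": family, "version": version, "campaign": campaign, "domains": norm}


def match_domain(host, domains):
    """Return the config domain that `host` equals or is a subdomain of, else None."""
    labels = host.lower().rstrip(".").split(".")
    # Walk up the label chain: www.chassere.com -> chassere.com (never just "com").
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None  # substring look-alikes such as notchassere.com do not match


def host_from_line(line):
    """Pull (client, host, url_path) out of one constructed dns/proxy line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m["rest"].split() if "=" in kv)
    if m["kind"] == "dns":
        return m["client"], fields.get("query", ""), ""
    parts = urlsplit(fields.get("url", ""))
    return m["client"], parts.hostname or "", parts.path


def hunt(log_text, cfg):
    """One hit per log line whose host lands on a config domain."""
    hits = []
    for line in log_text.splitlines():
        parsed = host_from_line(line)
        if not parsed:
            continue
        client, host, path = parsed
        matched = match_domain(host, cfg["domains"])
        if matched is None:
            continue
        # Assumption: a FormBook-style GET check-in carries the campaign token as
        # the first path segment (/q2au/ here). Corroborating flag only.
        campaign_path = bool(path) and path.strip("/").split("/")[0] == cfg["campaign"]
        hits.append({"client": client, "host": host, "domain": matched, "campaign_path": campaign_path})
    return hits


def clients_touching_many(hits, threshold=3):
    """Clients that reached >= threshold distinct config domains.

    XLoader contacts several decoys plus the live C2, so breadth across the
    list is a stronger signal than any single domain match.
    """
    seen = defaultdict(set)
    for h in hits:
        seen[h["client"]].add(h["domain"])
    return {c: sorted(d) for c, d in seen.items() if len(d) >= threshold}


if __name__ == "__main__":
    cfg = parse_config(XLOADER_CONFIG)
    for h in hunt(SAMPLE_LOGS, cfg):
        print(h)
    print(clients_touching_many(hunt(SAMPLE_LOGS, cfg)))
```

Feed real resolver or proxy exports through `host_from_line` after adapting `LOG_RE` to their layout; the matching and the per-client breadth check do not depend on the log format.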
Targets

Target: 09876545678909876.pdf
Size: 442KB
MD5: 0889c3678c73b560f4485ba660afcfb0
SHA1: 909a6c105575d91a14c31ef894a72c15ec853077
SHA256: 36c94bfca41fa33816b41af0c150398702666844734d813ef8440d1910b68e1e
SHA512: 57e1f11aadd5b9699c2e5c40f3b2339da17d9cb860870ae181a55f1b00c4fd127aa7f943c73c00275ebf8f6de02dd0cb42e2ee784dc27812866f1ac465694242
Score: 1/10

Target: RtYQG0987654567890XK.exe
Size: 18KB
MD5: 8fc5571786fc52172cd8d8c256e6d866
SHA1: f94b50b3e8afc589f39d349a1094ac623676cece
SHA256: 5d670b04e3a12b104c1890757fff4dba7fe1de1a80eff1a29e3b364312e30204
SHA512: db18420551f08e9ec9588c3356a58645b9459f633742835306912660ab053c7a4fe040deffe0ac245e1196dd80fed7f4f7b433a83801244f63184e9b31b7fa9f
Signatures:
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Downloads MZ/PE file
Deletes itself
Suspicious use of SetThreadContext