General
Target: a30ce56b0c2277601c2d088509066b51fedbf16a8c2d0569aee5e8aa9bc8eab9
Size: 611KB
Sample: 220625-xygqlaggcr
MD5: dca52738641df47b688d41088c775b19
SHA1: 82b53cdb35de65b6fd6739af9c72ddbca36a1ffa
SHA256: a30ce56b0c2277601c2d088509066b51fedbf16a8c2d0569aee5e8aa9bc8eab9
SHA512: 091bf232b177c4e72091cedc23c5085c8d36da0e8253a7b19fc889696bafd5bd1dd0c263cbd15f84aeb7855a91c08a031ff0ec01942fdeb5327684bad305af67
Static task: static1
Behavioral task: behavioral1
Sample: ULnsMhkLMmFISmk.exe
Resource: win7-20220414-en
Malware Config
Extracted
xloader
2.3
p596
Targets
Target: ULnsMhkLMmFISmk.exe
Size: 790KB
MD5: 9e2f228029738210cb89504393113f02
SHA1: 47b2dcfae34251772a5dbde9e381cceaf80063e9
SHA256: a62281360a594e22783fb5dfc0e34645726b22df9ae0939b56a5b41e51289f97
SHA512: 3b980df970f6a652e355ec8ddd147144252c4204db52d6ddf9ead5dac7b89b2c153b668f24bcb94a85aa5d4d4642c22b56c647419e38eab1817a39e1de5a8f7d
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext