General
Target: 4c5903eb4a5bb90549d95a65df83c607.exe
Size: 375KB
Sample: 220705-pavzbaghhp
MD5: 4c5903eb4a5bb90549d95a65df83c607
SHA1: bb259408c7e34679a73389a87bea7a5aebfafece
SHA256: d68fa1001c7c79b3a4c142875ded35be6b07025eabe4b6ad576c1c3d11054ac8
SHA512: 364a119eeefd0905f37c5865c261559df59473babc998b1229a85726efd0374bf286ac5e61b944d0e4eacfac21f37c9d4c92b32ddfb082bd9e38bcd795b4b96c
Static task: static1
Behavioral task: behavioral1
Sample: 4c5903eb4a5bb90549d95a65df83c607.exe
Resource: win7-20220414-en
Malware Config
Extracted family: xloader
Version: 2.6
Campaign ID: n8it
Targets
Target: 4c5903eb4a5bb90549d95a65df83c607.exe
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
Xloader Payload
Adds Run key to start application
Suspicious use of SetThreadContext