General
-
Target
fzejdpOSxr_bin.js
-
Size
359KB
-
Sample
220705-pp2qeabaf9
-
MD5
84fa540039df7abc11a136c8a43fde22
-
SHA1
175daef8a581ff8ae86cded1cb6f68373d665dda
-
SHA256
d5e68b8de115bfa8d06d5f407c3e6f9c95f545ff4a9ee16f9ba2706993cdd7c0
-
SHA512
7715e6ae047fdfee1ba18aa1adccb28f1608b591a5e710c687f8c599486163b85a432edbbebdeef2301cf779c969cfee1578ad75a57aceb6f8589b2c054595b5
Static task
static1
Behavioral task
behavioral1
Sample
fzejdpOSxr_bin.js
Resource
win7-20220414-en
Malware Config
Extracted
xloader
2.6
mdzq
leop.red
actoconcept.fr
doesmee.com
goplygolf.com
cqshki.net
leflegme.com
wgamersport.xyz
4513367.com
shpoweronline.com
ingeniousconsultingservices.com
dentaldenalia.com
saaraba.net
artnow.media
sbwyt.com
nortonrosefulbrigiht.com
autorad.xyz
clergyfundingandinsurance.com
boarko.com
xn--zoom-kh4j.com
739lakemuirdr.com
nhcabling.com
la-bites.com
bostoncleaners.net
q5p0ih89ufw9q5a.site
davincimarblle.com
albite.xyz
earaproperties.com
xn--vsqs7b5yfhum230a.xn--55qx5d
marketreservation.com
n5ply9.com
bestquest.club
hs8068.com
uniqloot.com
arcadestatus.com
seidsaleh.com
a4africa.com
renchies.com
sunilrpatel.com
pdbet168.com
yzshm.com
zhongheyouzhi.com
citraudaysinfinity.com
dk2arnw64qr9vd.life
bornean.website
italianchef.menu
slotdanatanpapotongan.com
aplomber.com
strictlyusedgolfokc.com
westfargo.xyz
46magic.com
desenvolvimento-curso.online
bynicholls.com
wintegrative.com
help-dunya-international.com
swindonconcretepumps.com
ghantasaala.com
fishgaudy.space
hml.email
colwoodrealtyauction.com
markjfinlay.com
madelineagnes.site
thecoastalgranddaughter.com
kreditrechner.pro
thebolingerfamily.com
marijevanrijn.site
Targets
-
-
Target
fzejdpOSxr_bin.js
-
Size
359KB
-
MD5
84fa540039df7abc11a136c8a43fde22
-
SHA1
175daef8a581ff8ae86cded1cb6f68373d665dda
-
SHA256
d5e68b8de115bfa8d06d5f407c3e6f9c95f545ff4a9ee16f9ba2706993cdd7c0
-
SHA512
7715e6ae047fdfee1ba18aa1adccb28f1608b591a5e710c687f8c599486163b85a432edbbebdeef2301cf779c969cfee1578ad75a57aceb6f8589b2c054595b5
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
Xloader Payload
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-