General
-
Target
c17715a67289a3e47a4dbb56e58d2298.exe
-
Size
679KB
-
Sample
220705-pwq79abbc8
-
MD5
c17715a67289a3e47a4dbb56e58d2298
-
SHA1
07c15664f30d9254aa053884423981bac818a57d
-
SHA256
2325ce40759e57ccc4f3fadde95aff3298fc4941ca8eca803ccf1588a879c13a
-
SHA512
a461c3072685f900b9269f0200c1e4a0c70658764c5e647e2bf2784370e848671f8f88f2b090bd926204d65eb687ea5a1da66240a61255e0238ab0c2ed193f65
Static task
static1
Behavioral task
behavioral1
Sample
c17715a67289a3e47a4dbb56e58d2298.exe
Resource
win7-20220414-en
Malware Config
Extracted
xloader
2.9
v4qp
je1XQKU1LfJPVLk=
nvf41a7FsTLs6uB/g+CR
U7mryF6DctZn6GEjr9Bm4g==
1SONGrPdh7wGEOXp3g==
2xX859r7qOFq7GYkr9Bm4g==
IYtzVUx0Oo0HmZawLQAARDvBf4dL
NH3iuBPNSzZTvpw/4KaG
rDehfiqIPbdMBS8G1g==
xhb2uJ0eBwo7k3djqxh60xoNt4VoeQ==
AFtKux3JgPGRkx3xUsciR6piSg==
m+3VoJadWcBvOAPpzKUNPoAxyplS
1DWKULdka3mxIKhEqGxQr7gxyplS
DGlFGBqWi5CtrCX9alyTuPzq
muvVM4slyTfxORwAZisVksCM78aSEVo=
D3biNgUbyg9E5pl+
/+1QLPssvl/Xxg==
I4lzTjaAcc1iBS8G1g==
wSwc4MmbShojhlZCrniTuPzq
jN5YO6ZXSfJPVLk=
4TUS4+ANuqHCRTM9sniTuPzq
7Ssfd9ru/HPzWMZ42Z+E
TJl+UkzTsY6g86lyegOU3gw=
0juvfNqRgmJwwpc/4KaG
WJuGVDdhQj1Ux5s/4KaG
FHdjPTRtZc1rPwr8zUQfXogxyplS
1yUI9+gAwMPuYMWALzWc+w==
CW1UNSZVQKAlmQep/XYDYGot8HZX30M=
vRqFbt1zJfH304GOeAOU3gw=
P5CIQS65moOingakeAOU3gw=
d9dBqqBI+vgR0Q==
1zElifgR7DjBQhEgnWqTuPzq
Z60BYmHr5eHr4qiedQOU3gw=
HWU4MRo7NYMKvenJppIKPWxeSQ==
e3BN71BTWfJPVLk=
wy7WdMhKC6ZIBS8G1g==
XquYfmaLfMtjMdvi0UJCve3YPQ9/3VBp
KZGA1zHJgWB5XAUCtW5auQQ=
xiMia8hyQfJPVLk=
fs3InobYUU1v
g/FWtqk8QVV2fvykeAOU3gw=
Gk0rieTkzD/cYMxmtQij4wb9
sQ92QpZSTOWOi15IKJWeEYMaENE=
DmfkxD7hjeFXBS8G1g==
AF/WMxGNm+1qwhvu59Ziy96hOpN/3VBp
mPxzMqdFvl/Xxg==
wbYTecjCf2dE5pl+
bM22jGRvLWbm3dd/g+CR
3T4iifwiBwdGDun0r9Bm4g==
hd/Zp4qeQhkDA7I+sXVavwQ=
Y6UNZTVzVVVE5pl+
4V68Jxr1n3hpa/igeQOU3gw=
oxRu5bztvl/Xxg==
IoXeT3nFp316WK0=
LSJ+4y5JmmIN3w==
svtsPL5PAtT1ZVBKmNxkR6piSg==
Tqv+1CqslWNp1Z1v4rzl6xM=
nOjWOqSkigqvKn8jr9Bm4g==
5vNHav9pXUs=
51u5hOzjug9E5pl+
BV3fNCavl2Z69CjsSAHGFiPi
Pov+YD5zJgUUinyAxxhVrb6W7saSEVo=
sfvz0cLqvl/Xxg==
MZ0a3y3CnzpW1DsSU01xouShpVtF
ogaE4dJvYFB76MzDJpoQR6piSg==
erilb.com
Targets
-
-
Target
c17715a67289a3e47a4dbb56e58d2298.exe
-
Size
679KB
-
MD5
c17715a67289a3e47a4dbb56e58d2298
-
SHA1
07c15664f30d9254aa053884423981bac818a57d
-
SHA256
2325ce40759e57ccc4f3fadde95aff3298fc4941ca8eca803ccf1588a879c13a
-
SHA512
a461c3072685f900b9269f0200c1e4a0c70658764c5e647e2bf2784370e848671f8f88f2b090bd926204d65eb687ea5a1da66240a61255e0238ab0c2ed193f65
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
Xloader Payload
-
Adds policy Run key to start application
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-