General
Target: SecuriteInfo.com.Heur.MSIL.Pretoria.1.32389.24674
Size: 642KB
Sample: 220705-rkjp5saacq
MD5: 5f8b5e708fac3e104ce3ccfa9570e1bb
SHA1: 4fa68f6cadcb8d54ebf700cc6105f3d601f56f83
SHA256: 36c82bea7381b157879abc9aedfa192d05ed7a5735781fedd248000e1364bade
SHA512: ed2f0a4b4826accfeff0ca73aac71a05ea813b23e010750b4becaae6b6262fcd914ce09e6986290c9762063e35b657444ef137600c5b89aa44fe490a8f998953
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Heur.MSIL.Pretoria.1.32389.exe
Resource: win7-20220414-en
Malware Config
Extracted: xloader 2.8, qm5s
leviathanfishingco.com
Targets
Target: SecuriteInfo.com.Heur.MSIL.Pretoria.1.32389.24674 (same sample and hashes as listed under General)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Adds policy Run key to start application
- Suspicious use of SetThreadContext