General
Target: tmp
Size: 331KB
Sample: 220705-w7xmqsbggq
MD5: 4a80cec907b418a133ad5d3eea96923f
SHA1: b7772efaa512ed3465b17e07af829fedd9a885df
SHA256: 54dd1a6be86907485cb1f716306eb8918116f873a9382e10d92f6632491c1074
SHA512: e8af59e857347c22a0cea3981122018b472482382fe11c642c4a67d182fc6aa78ea257f63630b36358b95304cbd07bc1048b35163af72fbb87329f3f1897bb2c
Static task: static1
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20220414-en
Malware Config
Extracted
xloader
2.5
sk8m
cruisinforabluesin.net
elkntordo.quest
mtmoriginal.com
arespermire.quest
maisoulcolor.com
thegreekfarmerstaverna.com
midlife-fitness.com
uniquelyjessica.com
everybunnyeverybirdy.net
tryafaq.com
aandreashopp.com
selfyou.store
healthtradeusa.com
visiency.com
rainbowshopscom.com
raj-spostitve.com
jupiterflightband.com
haigui.ltd
theparentharbour.com
themutualfriend.com
nobodybutgod.com
seabreezewindowsanddoors.com
steam-whistle.xyz
xlg777.top
glazeind.com
onlinefreetestseries.com
aideritehealth.com
jan-lead.com
farmlimit.com
todofracciones.com
deluxeagent.club
greaterhartfordeats.com
sedyxim.xyz
loontproject.com
drsharonslanguageclasses.mobi
orkadoodle.com
raqsglobal.com
uniquepdglobal.com
niagarachair.com
hostageujkptp.xyz
tastemon.com
ywankm.com
rip-online.com
bousui.club
binges66v.com
superspeedshops.com
b148twpnmu5uvtvnvfk5916.com
myq816oyoukrf9winwyqsw.xyz
shoppernft.com
alexandra-coachingmarketing.com
goohosted.online
shalomroofing.net
y-s-charm.com
lagovistaestates.com
luxuryshopi.com
bekoopverzak.quest
sh10000.store
bama-blues.com
clearviewdirect.net
lotsofcoingifts.com
kcdaikuan.com
cryptopsales.com
meducators.net
oneworldeg.net
snowwisdom.com
Targets
Target: tmp
Size: 331KB
MD5: 4a80cec907b418a133ad5d3eea96923f
SHA1: b7772efaa512ed3465b17e07af829fedd9a885df
SHA256: 54dd1a6be86907485cb1f716306eb8918116f873a9382e10d92f6632491c1074
SHA512: e8af59e857347c22a0cea3981122018b472482382fe11c642c4a67d182fc6aa78ea257f63630b36358b95304cbd07bc1048b35163af72fbb87329f3f1897bb2c
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Blocklisted process makes network request
Suspicious use of SetThreadContext