General

Target: tmp
Size: 635KB
Sample: 220705-xaeakabhaq
MD5: 2648e55802ea0888fea42a50ff7443a9
SHA1: 1de56299bfca5e0417263ba8954a925f6d5cf8fb
SHA256: a9aa59bed8eb3e4839b215c072549c359c3867b238e65c4bf98a5f274d2808bb
SHA512: ecbcfd564144f225250309786f1e828383e8e524c75b548990b6aa739e8cf794ac7d076fa93e8da3abc512ec747092623cc44676de25fb373163754750b8a08f
Static task: static1
Behavioral task: behavioral1
  Sample: tmp.exe
  Resource: win7-20220414-en (Windows 7 sandbox image, English locale)
Malware Config
(none listed)

Targets

Target: tmp (635KB; same file and hashes as listed under General)
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
Xloader Payload (XLoader is the current name of the FormBook family, which is why the Suricata network signatures above fire as FormBook C2 check-ins)
Checks computer location settings: looks up the country code configured in the registry, likely a geofence. A sample that geofences may refuse to run its payload in some locales, so a clean detonation in one sandbox image does not prove the sample is inert.
Deletes itself: the original dropper path will usually be gone from disk after execution; look for the persisted copy instead.
Adds Run key to start application: persistence via the Windows Run registry key.
Suspicious use of SetThreadContext: setting the context of a thread in another process is the classic signal of process hollowing or thread hijacking; FormBook/XLoader injects into a system process and explorer.exe this way.
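The four behaviours above are exactly the kind of evidence a hunter would look for in endpoint API telemetry after seeing this report. The following Python script is an added example and not part of the sandbox report or its tooling: it runs one rule per reported behaviour over a constructed API trace (key=value lines, an assumed format) and groups hits by process. The registry paths it keys on are assumptions: HKCU\Software\Microsoft\Windows\CurrentVersion\Run for persistence and HKCU\Control Panel\International\Geo\Nation as the GeoID value a location check reads; the trace lines, PIDs and file paths are constructed for illustration.

```python
"""Hunt for the behaviours a FormBook/XLoader sandbox report flags in an
API trace: Run-key persistence, geofence registry lookup, self-deletion via
cmd.exe, and cross-process SetThreadContext. Added example; the trace below
is constructed, not output from the sandbox."""
import re
from collections import defaultdict

# Constructed trace: one API call per line as key=value pairs (assumed format).
SAMPLE_TRACE = r'''
pid=1234 image="C:\Users\victim\AppData\Local\Temp\tmp.exe" api=RegOpenKeyExW arg="HKCU\Control Panel\International\Geo\Nation"
pid=1234 image="C:\Users\victim\AppData\Local\Temp\tmp.exe" api=RegQueryValueExW arg="HKCU\Control Panel\International\Geo\Nation\Nation"
pid=1234 image="C:\Users\victim\AppData\Local\Temp\tmp.exe" api=RegSetValueExW arg="HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater" data="C:\Users\victim\AppData\Roaming\Updater\tmp.exe"
pid=1234 image="C:\Users\victim\AppData\Local\Temp\tmp.exe" api=SetThreadContext target_pid=5678 target_image="C:\Windows\explorer.exe"
pid=1234 image="C:\Users\victim\AppData\Local\Temp\tmp.exe" api=CreateProcessW arg="cmd.exe /c del /F /Q C:\Users\victim\AppData\Local\Temp\tmp.exe"
pid=2000 image="C:\Windows\System32\notepad.exe" api=RegSetValueExW arg="HKCU\Software\Microsoft\Notepad\iWindowPosX" data="120"
pid=2000 image="C:\Windows\System32\notepad.exe" api=SetThreadContext target_pid=2000 target_image="C:\Windows\System32\notepad.exe"
'''

# key=value tokens; values may be double-quoted to allow spaces.
TOKEN = re.compile(r'(\w+)=("([^"]*)"|(\S+))')
RUN_KEY = re.compile(r'\\CurrentVersion\\Run\\', re.IGNORECASE)      # assumed persistence key
GEO_KEY = re.compile(r'\\International\\Geo\\Nation', re.IGNORECASE)  # assumed GeoID location
DELETE_CMD = re.compile(r'\b(del|erase)\b', re.IGNORECASE)


def parse_line(line):
    """Turn 'a=1 b="x y"' into {'a': '1', 'b': 'x y'}."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(4)
            for m in TOKEN.finditer(line)}


def rule_run_key(ev):
    # Writing a value under ...\CurrentVersion\Run\ = autostart persistence.
    return ev.get("api", "").startswith("RegSetValue") and bool(RUN_KEY.search(ev.get("arg", "")))


def rule_geofence(ev):
    # Opening or querying the configured country code = location/geofence check.
    return (ev.get("api", "").startswith(("RegOpenKey", "RegQueryValue"))
            and bool(GEO_KEY.search(ev.get("arg", ""))))


def rule_self_delete(ev):
    # Spawning cmd.exe to 'del' the caller's own image path.
    if not ev.get("api", "").startswith("CreateProcess"):
        return False
    cmd = ev.get("arg", "")
    return bool(DELETE_CMD.search(cmd)) and ev.get("image", "").lower() in cmd.lower()


def rule_thread_context(ev):
    # SetThreadContext on a thread in ANOTHER process; same-process use is benign.
    return (ev.get("api") in ("SetThreadContext", "NtSetContextThread")
            and ev.get("target_pid") not in (None, ev.get("pid")))


RULES = {
    "run_key_persistence": rule_run_key,
    "geofence_registry_lookup": rule_geofence,
    "self_delete_via_cmd": rule_self_delete,
    "cross_process_set_thread_context": rule_thread_context,
}


def hunt(trace):
    """Return {pid: {rule_name: [matching trace lines]}}."""
    hits = defaultdict(lambda: defaultdict(list))
    for raw in trace.splitlines():
        line = raw.strip()
        if not line:
            continue
        ev = parse_line(line)
        for name, rule in RULES.items():
            if rule(ev):
                hits[ev["pid"]][name].append(line)
    return {pid: dict(rules) for pid, rules in hits.items()}


def suspicious_pids(hits, min_rules=2):
    """PIDs matching at least min_rules distinct behaviours; one hit alone is weak evidence."""
    return sorted(pid for pid, rules in hits.items() if len(rules) >= min_rules)


if __name__ == "__main__":
    results = hunt(SAMPLE_TRACE)
    for pid in suspicious_pids(results):
        print(f"pid {pid}: {', '.join(sorted(results[pid]))}")
```

The script deliberately requires two or more independent behaviours before flagging a process: a Run key write or a same-process SetThreadContext on its own is common in benign software, while the combination of persistence, a geofence lookup, cross-process context manipulation and self-deletion in one process is the profile this report describes.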