General
Target: tmp
Size: 632KB
Sample: 220705-xkdf1sdgh3
MD5: cb38d8143b2216edab036acee36f25b4
SHA1: 1401d9123df44612f599865e9b2df8941779c687
SHA256: 7fd0e394a9d74592a74d04b3dccf2dcf8457d0e894cadadbf999c327e9b3940e
SHA512: 15315313dc0cc805771c7a3ccdf20851e39279a001272cdf71e1078fd7b907d83ffa6fc6292e83743963849ea1b2433036e746c8377edf8f6c9dcb2f76e2f010
Static task: static1
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20220414-en
Malware Config
Targets
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Checks computer location settings: looks up country code configured in the registry, likely geofence.
Deletes itself
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext