General
Target: a2af55df6445bcc019b1170bc7a58c66eac022e3a7e8b88666b1e81f50697588
Size: 1.0MB
Sample: 220706-kdzz8aafcj
MD5: 195897320c3f7ded2d7db9a1a11b39be
SHA1: 0c79b45bf75ec3a2a74e8dbeb6ff8f61349aa62f
SHA256: a2af55df6445bcc019b1170bc7a58c66eac022e3a7e8b88666b1e81f50697588
SHA512: 6487e5536dcdc863a2a40823bbb1a2ec2034813c2aeb6a2bf3a39ce3bdeb5415aa077ea7d4146cf215ad097373f1c1d45e2e8449384033e3df8b81995cf890f6
Static task: static1
Malware Config
Extracted: xloader 2.7 (n5mz)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
- Xloader Payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext