General
Target: b594d28ecd8be49f2ec9512008cfcbba.exe
Size: 366KB
Sample: 220706-tgryfsgga9
MD5: b594d28ecd8be49f2ec9512008cfcbba
SHA1: e6a3254ad46bd308832c2e4642c82151b61fe247
SHA256: 038022c6f5c04dba6aa5b9289461209678a511329ad714ac45b132ad64ab8d60
SHA512: dfa5ae2e8d75ca8cb97ce4e5b21ecce36f5ed9267d40d886f9c810539871404276ea346f0d0b36a9dccf61bb1e292212325fc7625a583be212fc62058be849cf
Static task: static1
Behavioral task: behavioral1
Sample: b594d28ecd8be49f2ec9512008cfcbba.exe
Resource: win7-20220414-en
Malware Config
Extracted
xloader
2.5
sk8m
Targets
Target: b594d28ecd8be49f2ec9512008cfcbba.exe
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Suspicious use of SetThreadContext