General
- Target: Drawing Image PDF.exe
- Size: 713KB
- Sample: 220706-yvy15sgfbm
- MD5: d7ce2f78a17847431c921087487a8b91
- SHA1: 3a2b899ebfdac8a82b66bd95c4838162e066672e
- SHA256: db4c0badc999b10f0dae3d1d80b59c3748de2f6f913fb7bff2d9303e4396a1b4
- SHA512: 519fd6855a7a22e42e363955593c108d498b2528dd8d3bc2bff2eaf7236be4af83d14c2c3cb90a347ce851286ac3859322cba7e8fed84e4873be29547223f47c
Static task: static1
Behavioral task: behavioral1
- Sample: Drawing Image PDF.exe
- Resource: win7-20220414-en
Malware Config
Extracted
xloader
2.9
k25e
Xvh6mA98aHhdW5PD
XpSglwzNIOqe9g==
RWuFLgQ7oCzN4U/2/A==
nf6FGPYyk+veLC0=
FnN4A9ALIOqe9g==
kcXTjYT8eRm8DQOuLW8mYOG8eN8=
yryblm3yv9iO+HZOTbxhSw/FtNcRng==
ZRazQ2DW84uiZaiw6w==
Is1fie9gWoUuX+Czzuk=
lV9ffbe7SO6B
Pj79m1gaBi8Fajo=
tTdnWml24M1Y4Q==
Zq3U8oC/5/SW
l2f5LrEsED3jSoYw/zoy2Q==
oM3TbW/saRS2N3Yqzi31mZoiw9go9Ck=
AyPthJYMGC4dRr3a
uJNV6qnUOsB4lGP6oRHjc00=
09OYj9e/5/SW
9UFZgN4YDzDkQTvg4KFqn2facZ19aGuv
F5PHzC1g0IBdW5PD
0efCe0KLXGwTa2ccNdBZkXnLpsPk
1SdigRqSiLpZoqA2/zoy2Q==
x2LgZ5D7IOqe9g==
XPqSsPx3ZIQqYJC8xjP1l/v/sTF9aGuv
9t2qVFfGJrynw7Vv9A==
Y7YCaBZJqSfd4U/2/A==
xuS8Z23aDPegBXMx/zoy2Q==
zNuyVARFPVQCa5U94WovD1dZ6GLs
Kk5kFBiJBqFcoJk1/zoy2Q==
9XPJHl3e1QnrHFVx9A==
soUiwJ3iUNZ/19OEGkY32yWfQMI=
S1EkvGqjDI49cajCZLdeduG8eN8=
Kg3EZCFQxVTwVOCzzuk=
pgM7UpTOvtaG0sMrhiKk
KYOMNj694M1Y4Q==
Ue9rlCmWfXosfOYUqZGAsVo=
k/EOFpIE8/6gC322ujsuc+G8eN8=
q+0DDZoTEiboMWTAZb+CMFI=
Vjcis7ZBk+veLC0=
pF985gsGJ+veLC0=
45cVNoav4M1Y4Q==
SBWvUhFVO1YVgPBY1P4=
y0il4iNWwWANZ5U3/zoy2Q==
8xUgLJUEORbPA9Ve9FoIUnYUwtgo9Ck=
tJ9iAB2gC5Z9ucfN
tXMOoKMj9Qm0EVQrhiKk
A3W102TRrsZ0r+gSHZp8u2HLy/n9
/q84vqkoCBvOQ73nAMS3o3b8
Ea3/NoLEt9yO20krhiKk
iKuyuPEeIDDdF08rhiKk
88ONNEa1KLRw2E8rhiKk
vPKHHvUIVeveLC0=
E991Csr8avWgAnMx/zoy2Q==
bY+rVzBkbIsmcNsSRey3o3b8
LofU7HziZQGrJV8YopGAsVo=
jTvI9EF5VVoZaGIarJGAsVo=
W7UiTtZoRF7+aaA6/zoy2Q==
aJ2mufsgBiLWOzX2JcEuXE6+YZ59aGuv
n1/rj7c+njjkJxHH/zoy2Q==
e46QH2R84M1Y4Q==
4Qsdwq0slfzmS4WfpNiCmXnLpsPk
x54mNp8UCC4dRr3a
76U2u3m4KdyE4AHCba9WdOG8eN8=
e/xBr6oge+veLC0=
rt-cards.com
Targets
- Target: Drawing Image PDF.exe
- Size: 713KB
- MD5: d7ce2f78a17847431c921087487a8b91
- SHA1: 3a2b899ebfdac8a82b66bd95c4838162e066672e
- SHA256: db4c0badc999b10f0dae3d1d80b59c3748de2f6f913fb7bff2d9303e4396a1b4
- SHA512: 519fd6855a7a22e42e363955593c108d498b2528dd8d3bc2bff2eaf7236be4af83d14c2c3cb90a347ce851286ac3859322cba7e8fed84e4873be29547223f47c
suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext