General
-
Target
SecuriteInfo.com.W32.AIDetectNet.01.24290.23882
-
Size
269KB
-
Sample
220707-d9b5psegc9
-
MD5
d5353394b28c55fb2649da8d66f74cb8
-
SHA1
c6143cadad1adef54b5d7cf7a90035feb3e283a0
-
SHA256
8054dd2e45880794d187893bf7274cb69cc628baa62eec2a2dfb514af50c37c4
-
SHA512
e001b38a85e3be0cf15ecabc5fb20658878cc516a25d36bd6d6ed70c611e130fcf499a9a26aeacd2760c2e109acff0f1055bde6766029e727214be7ec43b4c02
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.W32.AIDetectNet.01.24290.exe
Resource
win7-20220414-en
Malware Config
Extracted
xloader
2.6
tn61
ryliehorrall.art
mesdco.net
street-art-ink.com
sepetcin.com
stilghar.com
hawaiipooltiles.com
fuerst-von-falkennest.com
totalvirtue.com
xdk0blc0tqy6a7.life
zootowngravel.com
kreditkarten-optionde.com
6888tlbb.xyz
albertakleekai.com
travelnurseinfofinder3.life
valleyinnswat.com
secure-remove-devices.com
digitalswamy.com
www112casinova.com
medifasttrd.com
distritoxermar.com
ebwagner.com
biworker.com
0571kt.net
mjuelaw.com
buildlimitlesswealth.com
wbclips.com
session.care
museatthemill.com
pjhxsl.com
momentums6.com
electricbike.energy
accommodations.network
libroskolibris.com
sejintech.net
parkchestergardens.info
gndgame.info
arcwarp.com
aboveallonline.com
dinotacker.com
ufc188livestreamfree.com
saulomar.com
atmworldexpo.com
chooox.com
admissium.com
dacdem.com
oneruk-chandeliercleaning.com
oyster-iot.cloud
mutinybrewworks.com
yaoih.com
dmitchellpropertiesllc.com
nuoicaymosaigon.com
peacockgotv.com
nextr.xyz
bidvastil.com
shahanhan.com
goodlordy.net
banlyeojob.com
tasteatlus.com
ecotone-os.xyz
urbanartco.com
drecibo.com
davegwatkin.com
pharmiva.net
accordingtopreston.com
blizzardboy.net
Targets
-
-
Target
SecuriteInfo.com.W32.AIDetectNet.01.24290.23882
-
Size
269KB
-
MD5
d5353394b28c55fb2649da8d66f74cb8
-
SHA1
c6143cadad1adef54b5d7cf7a90035feb3e283a0
-
SHA256
8054dd2e45880794d187893bf7274cb69cc628baa62eec2a2dfb514af50c37c4
-
SHA512
e001b38a85e3be0cf15ecabc5fb20658878cc516a25d36bd6d6ed70c611e130fcf499a9a26aeacd2760c2e109acff0f1055bde6766029e727214be7ec43b4c02
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Adds policy Run key to start application
-
Suspicious use of SetThreadContext
-