General

Target: 9Vpz6YEQuRqDljF.exe
Size: 664KB
Sample: 220707-frc1dsffa8
MD5: ff73f2e9be581f3bbbaee6438a9ffa67
SHA1: 6a77722a024580b6756120b1e0e358898557e129
SHA256: d24e3ddbed42b77cee50ff8a06e7414910d755cf2635eadf35b51091c8cba010
SHA512: b0b2c21cb7952d7b315671027c1af8ee46a684f42b50f50bac72787680290dc95f5ad9eb7451c0cec7fe4cc2b1f0ef22304a0beb877c8708f84515f952e8411f
Static task: static1
Behavioral task: behavioral1
Sample: 9Vpz6YEQuRqDljF.exe
Resource: win7-20220414-en

Malware Config
Targets

Target: 9Vpz6YEQuRqDljF.exe
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext