General
-
Target
55f9aca129149b9bfd4e9685cf1e52b394dda7b2a47a3f989e46f12e5c306907
-
Size
655KB
-
Sample
220725-g1bdlaacfp
-
MD5
52c7af6bc13670eb0b4b830d4f60fd7b
-
SHA1
b6d3c5f7f912ef524dc7e2679a6e205a0fb88b13
-
SHA256
55f9aca129149b9bfd4e9685cf1e52b394dda7b2a47a3f989e46f12e5c306907
-
SHA512
6f6a0482962d39e3bd5fedf8c3db14607fc0cce81b544df5578aa8f408a18c106b58c5d8b7c8fdd5e8cafac30477a892cd3203cb452fd321d8e2397baa850bae
Static task
static1
Behavioral task
behavioral1
Sample
55f9aca129149b9bfd4e9685cf1e52b394dda7b2a47a3f989e46f12e5c306907.exe
Resource
win7-20220718-en
Malware Config
Extracted
xloader
2.3
o8g5
Targets
-
-
Target
55f9aca129149b9bfd4e9685cf1e52b394dda7b2a47a3f989e46f12e5c306907
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-