General
Target: XRqW4.exe
Size: 320KB
Sample: 201128-8z43eyhb36
MD5: 7ebb3ae8efec620294fdfa3e99da78ea
SHA1: a545d8cd080a7237465ba3c63f8119d03369e005
SHA256: 550187abd3b47d3796a1811dc016c935069ac631996de7cd428ae986b39b2107
SHA512: aa5ee27c3f3b55beefdda9103b9b548af9f04b41535b9e74379c3c8ed5904519766de4321a995047a63d958dafc20f82607b09678cf09f1b24ca29bec5facb0c
Static task: static1
Behavioral task: behavioral1
Sample: XRqW4.exe.dll
Resource: win7v20201028
Behavioral task: behavioral2
Sample: XRqW4.exe.dll
Resource: win10v20201028
Malware Config
Extracted
zloader
nut
27/11
Targets
Target: XRqW4.exe
Blacklisted process makes network request
Suspicious use of SetThreadContext