General
Target: TEC20201601.exe
Size: 1.2MB
Sample: 210116-a3w2es64as
MD5: 19682ff802fd6fc13c896ba4572e9edc
SHA1: c52eed4a18f23464ef7c8968c4a7cad63564d2e6
SHA256: 73384c630a5bcbb5201f567aa142fc712df5c2ceb9b61c301a5e4a025af2b3ca
SHA512: 31b65796fa7de32a80ab5244edea91642cca0b3161bd82a93d5601bd1f9b28b5de6a6647a053dfcfca2d10a54165dcdff9f221cb49690707b9a4a85719a56dc1
Static task: static1
Behavioral task: behavioral1
Sample: TEC20201601.exe
Resource: win7v20201028
Malware Config
Extracted: formbook
http://www.a-emeservice.com/m8ec/
thomascraigwealth.com
melbournemedicalhealth.net
tdxcoin.com
lukassbprojects.net
aldemallc.com
moqawalat-kuwait.com
txcsco.com
jobcarepro.com
sedotwcmedanmurah.com
niconthenine.com
radliffrehab.com
infiniteechogroup.com
stellantis-luxury-rent.com
ibusehat.info
resellerauctions.com
softwarexprogrammers.com
bumpnlifestyle.com
mintmacher.com
partapprintercare.com
justrightinsurance.com
beyond-ml.com
mikrotandborste.com
madisonmeadowsseniorliving.com
smart14day.com
fiftyfivetwelve.com
respectinvestadvance.com
shelleylutherfortexas.com
kunst-stueck-chen.com
adastraperaspera.xyz
aletheaastraea.info
zhghzlg.com
cameroncooperar.com
inrushconsulting.com
oldeny.com
foggardens.com
bubbygoobers.com
apartmentnegotiator.com
iregentos.info
charlesadoptionhome.com
sugawara-garasu.com
insidescripps.net
offerlamp.com
flagpeel.com
tb1919.com
estherneil.com
greatunsearchablethings.com
jeunetherapie.com
ricardoinman.com
sbq58.com
morifan.com
foodpukka.com
onewaytaxi.club
ksolves-vendor.com
ashleighemmaboyle.com
hbseelong.com
vanotti-watches.com
faizulrahmanmusafir.com
cb5677.com
gcasservices.com
perteprampram01.com
308hamlinloop.com
machkind.com
cwpdhambers.xyz
glenwoodsteak.com
Targets
Target: TEC20201601.exe
Size: 1.2MB
MD5: 19682ff802fd6fc13c896ba4572e9edc
SHA1: c52eed4a18f23464ef7c8968c4a7cad63564d2e6
SHA256: 73384c630a5bcbb5201f567aa142fc712df5c2ceb9b61c301a5e4a025af2b3ca
SHA512: 31b65796fa7de32a80ab5244edea91642cca0b3161bd82a93d5601bd1f9b28b5de6a6647a053dfcfca2d10a54165dcdff9f221cb49690707b9a4a85719a56dc1
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext