General
Target: xPkiX7vwNVqQf9I.exe
Size: 1.1MB
Sample: 210119-kwtzghsld6
MD5: 7c551b6169afa66e8966ad53730679ca
SHA1: d32cecce6d8f4dbe0556ad9fd0fc95f5eae93a56
SHA256: d087c47135a5a1f2aff88262dab08a447beb3c9a97aa18ee6a60212d81ee21f7
SHA512: f7652d9621b2d0acc049dfd0a712822b0f81cfc8072652256d9053d1a1193cecf6ad448157423d07bb8426b447eb99cb838f04642579800ea8116bee6711066d
Static task: static1
Behavioral task: behavioral1
  Sample: xPkiX7vwNVqQf9I.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: xPkiX7vwNVqQf9I.exe
  Resource: win10v20201028
Malware Config
Extracted: formbook
http://www.asicprominer.com/umSa/
lessensations.com
growcerybank.com
rvworkforce.com
djangosports.com
jgrosinger.com
tongjiash.com
rianebrady.com
xiaoxu.info
allwaysautism.com
couturev.com
dantedikhali.com
sagamoreca.com
sandisyardsale.com
happizi.com
moonchildboxco.store
maquillajembp.com
sojubythebay.com
verdexwellness.com
authenticperiod.cloud
bitpreserve.com
southernstarescape.com
therobloids.net
123hpcomsetu.com
hongtinvn.com
magnoliarack.net
jiegaojc.com
provaavincere.com
freefiregarena20.com
laurenpathak.com
become-flightattendant.com
shanyagus.com
top12watches.com
dcdialysiscenter.com
lawandlawholdingsinc.com
madisonpears.com
cakesinchargecatering.com
nc500-accommodation.com
cypherium.academy
wingmanwallet.com
spit-commodity.com
nhimlike.com
givebitties.com
xn--iiqa6618cvla.xn--hxt814e
abilitiesin.com
premioscreatube.com
foodtock.com
nationalmakeawillmonth.net
vettedwealthmanagement.com
bingent.info
betslotspin.com
sportsenviron.com
epskate.com
rsoliver.com
philrealtorpro.com
novelchapter.com
proclipperz.com
andresbuendia.com
bookmyshemale.com
newwavepost.net
4pro.life
sippatrbpnbireuen.com
asbuilt.services
speedfreightlines.com
irgendwie-sterben.xyz
Targets
Target: xPkiX7vwNVqQf9I.exe
Size: 1.1MB
MD5, SHA1, SHA256, SHA512: identical to the values listed under General above
Signatures:
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext