General
Target: NEW PURCHASE030421.exe
Size: 763KB
Sample: 210304-fmcbjk443s
MD5: 22a713d3238d80c59e754d58dbbc258b
SHA1: eac5f6f22c3aa5e1616c683925db9b568a9b0813
SHA256: 58415bcbd41e70c3f6d45f7b4fa75cf79c1f86f790decfec1dfe52be21f4c994
SHA512: f03cc374c3bfa1de62de177e99e6e5669664f1f70ded3b29972faa40d682461419b83655aba05b611efc0b3b1042face10a91f32fc2759a05d827138ab4c103d
Static task: static1
Behavioral task: behavioral1
Sample: NEW PURCHASE030421.exe
Resource: win7v20201028
Malware Config (extracted)
Family: xloader
C2 URL: http://www.besthardinquiryremoval.services/noi6/
Decoy domains extracted from the configuration:
Targets
Target: NEW PURCHASE030421.exe
Signatures:
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext