General
Target: Attached PO 30745..exe
Size: 339KB
Sample: 210306-1yvccg95c2
MD5: b9e83e658b49b3bc5b0a29ce2a723178
SHA1: 54416740ac2491c4c1a969acc67aaf176ac149b7
SHA256: 8ac91a60c2a592357abacbf82b84ecaa4441c302071d04702c722befc7165350
SHA512: 95e836093ddb768b06093b3afbb9f99e2a48a41a3177918ee5a28d6993de6e07e04fda46d52897150088c9feb95e6eed28f0ff143c3c19d44ba50d5a9ef0ec79

Static task: static1
Behavioral task: behavioral1
Sample: Attached PO 30745..exe
Resource: win7v20201028

Malware Config
Extracted: xloader
http://www.magentos.info/za004/
meihebiotech.com
4clicksecurewipe.com
essentially-best.life
real-castings.com
ivetha.com
hczx618.com
1990sinsertcarddatabase.com
testdrive.digital
johanneroussy.com
lyhyzl.com
ajekj.com
mikima.site
tennisfaction.com
fwril.info
hancockinstituteofjazz.info
nespressoonline.com
zeehostonline.com
academychic.com
1nha.com
moneylinetees.online
aspiresystem.site
bosco-ink.com
brisbaneboardcompany.com
toolsfortradies.com
b-as.com
7888bct.com
czwjfx.com
collagenblu-marine-collagen.com
cryptofromlifeapp.com
urbcasuarinas.com
produktanalyse.com
anjuharleen.com
photographybookreview.com
stmarkcathedral.net
k2states.com
bestqualiti.com
agentvita.com
diversifiedfoodbrokers.net
meayow.com
purchaseandrefi.com
adultrealstories.com
hzditing.com
pendi-kimak2.com
driveesports.com
ilpallinodiarianna.com
iworkandsave.com
iamjaydr.com
meishimaishou.net
wiseroadservices.com
iris2skin.com
mixedroots.net
ctfx1.com
pioneergamesuk.com
1l1twouser.loan
interiorenergies.com
q-beez.info
wintrustlifefinance.com
jinshavip13.com
thecashed.com
astralpanda.co.uk
millennium-bronze.com
shopaboard.site
redirectshare.com
emiljazovko.com
Targets
Target: Attached PO 30745..exe
Size: 339KB
MD5: b9e83e658b49b3bc5b0a29ce2a723178
SHA1: 54416740ac2491c4c1a969acc67aaf176ac149b7
SHA256: 8ac91a60c2a592357abacbf82b84ecaa4441c302071d04702c722befc7165350
SHA512: 95e836093ddb768b06093b3afbb9f99e2a48a41a3177918ee5a28d6993de6e07e04fda46d52897150088c9feb95e6eed28f0ff143c3c19d44ba50d5a9ef0ec79

Xloader Payload
Deletes itself
Suspicious use of SetThreadContext