General
Target: transferir copia_03_05.exe
Size: 823KB
Sample: 210306-b49be6eqax
MD5: 4f1a54809ac8e534239bade40b46bfab
SHA1: cc4ae9e1888fa1071fcccc56f8e46253bd00b99a
SHA256: 3488d309b21afbc3b481320bcf1209908813e2eb8a63df772f740426034b9958
SHA512: d13542d590ec6482f6c0bbbbf6d504f39c64fd28f8e32ebb239a33193c0afe4cd4e938ca6a966e115aeaa92e21b0581d32cf8a736e764d66b237d573e303a705
Static task: static1
Behavioral task: behavioral1
Sample: transferir copia_03_05.exe
Resource: win7v20201028
Malware Config
Extracted: xloader
http://www.basiclablife.com/8zdn/
yourherogarden.net
onlineharambee.net
cerrajeriaurgencias24horas.com
distritoforex.com
verifyclientserverssr.com
dandwg.com
co2-zero.global
joshssl.com
meckwt.com
theammf.com
rawclectic.com
gzgnetwork.com
richmondavenuecoc.com
nicolelyte.com
thetinyclosetboutique.com
llt-group.net
seven-sky-design.com
joganifinancialgrp.com
elementsvapes.com
bingent.info
quaichshop.net
unethicalsgsblaw.com
matts.digital
lexafit.com
covidwanderings.com
pk972.com
fanashaadivine.com
winharadesigns.com
adosignite.com
goldengatesimmigration.com
unazampanelcuore.com
gasexecutive.com
sdps365.net
worthingtonminnesota.com
ducatsupply.com
beijinghui1.icu
hn-bet.com
homeforsalesteamboat.com
tiaozaoxinlingshou.net
mrbils.net
depuitycollector.com
winningovereating.com
usedonlyrvs.com
verbinoz.com
threepocketmedia.com
lizbing.com
fivestardogfoods.com
edevercal.net
irisettelment.com
beautyphernalia.com
terrawindglobalprotection.net
floridaindian.com
kidzistore.com
kulisbet117.com
logingatech.info
ftdk.net
lawwise.legal
bruthawar.com
lemonpublishing.com
6781529.com
zfxsotc.com
shroomsdrop.com
ahm-app.com
finesilversmith.com
Targets
Target: transferir copia_03_05.exe
Size: 823KB
Hashes: as listed under General above
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext