General
- Target: BL01345678053567.exe
- Size: 44KB
- Sample: 210408-3yrpj997fe
- MD5: 34f07a647ee6506ce224b934e0c53d46
- SHA1: f2063199535bc94679ff93ac54fde30927e9f3a0
- SHA256: d3df1a5eed27cd76b426b3b041bf7acd61e50276461c888cf761f3fbd1cf06db
- SHA512: 0df0314cea9acf6a8c3ce9510c74781abc5f54b05ced0a974dc611a0f5b4a6d18da27ee4b9fb7ba6ffcabc1ff7ef183a5220a5b8a2ae83da752382f94666d71b
- Static task: static1
- Behavioral task: behavioral1
  - Sample: BL01345678053567.exe
  - Resource: win7v20201028
Malware Config
- Extracted: xloader 2.3
- http://www.hnchotels.com/mb7q/
Targets
- Xloader Payload
- Deletes itself
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext