General
Target: dot.dot
Size: 12KB
Sample: 210408-j4xdkgfkxa
MD5: 40f03856876fda8b3bda880d1d5a4636
SHA1: d252c054154c5524dfbf3f3238b32f711290fd36
SHA256: a4358b898c41852211ee727e4b8c0d05301bf4c6a90a4780c5a6f8b1b1cf5c81
SHA512: 559a93f09a07a3aa13ffce038ef2d47a1b73ef6301fd2799a9b3cae99b3e7b652e65951a318cbe7bc31ae25ffeb05c644b08f306553ec9c70b4e60794e1e6687
Static task: static1
Behavioral task: behavioral1 (Sample: dot.dot, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: dot.dot, Resource: win10v20201028)
Malware Config
Extracted: xloader 2.3
URL: http://www.scott-re.online/nnmd/
Targets
Target: dot.dot
- Xloader Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext