General
- Target: PO.exe
- Size: 529KB
- Sample: 210412-7f6kcpterj
- MD5: 4bb710142c4fa183e24dbd3ce3c7b51d
- SHA1: 64a659096deda60c37861ddc0d26d3bfb11cc0c7
- SHA256: 4903d25c490e1b6c899c4fb9d3d3eb16d79c802245d4c2b667ff06f42724e358
- SHA512: 7b157763a01bcfba0a66d026af138209a2b3fccd955e789158d39a5e4738491f8146c1894aceabae42e7e064b02314f098ea52351dcbd2f66feed2b8ee6acc35
Static task
- static1
Behavioral task
- behavioral1
- Sample: PO.exe
- Resource: win7v20210408
Malware Config
Extracted
- xloader 2.3
- http://www.retro-e-scooter.com/sawc/
Targets
- Target: PO.exe
- Xloader Payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of SetThreadContext