General
- Target: 48d5d5bc835c9bfa24c2f7fb0e3149190639d1d53eb99fac9b6a97df0f6d2908 (1)
- Size: 314KB
- Sample: 210420-jy2zqf5zvs
- MD5: 4a391bca07af23a8e735b4e4bba0a195
- SHA1: 8bd5c99ed285cb37429a7bf4a6e14012e4c04e1d
- SHA256: 48d5d5bc835c9bfa24c2f7fb0e3149190639d1d53eb99fac9b6a97df0f6d2908
- SHA512: c46272ebd87e47186b682e4d64dfbde69aa60b7c8b4981af3accc89a943fd1d904b53bab8b87badfeace3b62e324970d85187543a5145ff8a57c982470dbdfba
Static task: static1
Behavioral task: behavioral1
- Sample: 48d5d5bc835c9bfa24c2f7fb0e3149190639d1d53eb99fac9b6a97df0f6d2908 (1).exe
- Resource: win7v20210408
Behavioral task: behavioral2
- Sample: 48d5d5bc835c9bfa24c2f7fb0e3149190639d1d53eb99fac9b6a97df0f6d2908 (1).exe
- Resource: win10v20210410
Malware Config
- Extracted: xloader
- Version: 2.3
- URL: http://www.numbri.com/sb9r/
Targets
- Target: 48d5d5bc835c9bfa24c2f7fb0e3149190639d1d53eb99fac9b6a97df0f6d2908 (1)
Score: 10/10
- Modifies WinLogon for persistence
- Nirsoft
- Xloader Payload
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext