General
- Target: 50% payment.exe
- Size: 1MB
- Sample: 210421-gggj89226e
- MD5: 91d6babf1d4ec9c3ff032c9f44291161
- SHA1: a9009a6c66d5b1f945d7e4ef88ed01dbf86f8d5d
- SHA256: 5aa4e2536c1e6a2b7ff9509081c03906f982a95df7e44bcf162429ac8f969f14
- SHA512: 6eda488e5c15e63db870163f652809ee1fce1169054cd296988e4d7bc6096091009bc7383efdb541fdfed2526ef18470896fe13971e84d7966a9ec30a1f72ae4
Static task: static1

Malware Config
- Extracted family: xloader
- Version: 2.3
- URL: http://www.precigentriplegene.net/ey9c/
- Domains:
veitev.com
alpinerevenuemanagement.com
filthycarwash.com
semanticzone.net
biteasia.com
cranedlbh.com
dassinlegal.com
celebrityworldhindi.com
theberrydesign.com
neapmusic.com
bombayan.com
lux-n-lush.com
yourcoachingconversations.com
asafera.com
aleraretirementpartners.com
fewsolo.xyz
mgformations.com
jenningscaswell.com
fsgateway.net
egeektechlive.com
headlessbookingengine.com
jeljobsgh.com
talkracetogether.com
weedairstream.com
ameeera.com
jivermind.com
atxrealestateforsale.com
nadersadek.info
paintwithjames.com
hackettshousekeeping.com
nicksayler.net
nonnassnackbox.com
sweetcupcr.com
wallis-network.com
gironbeautysalon.online
emotionalopedia.com
emodly.com
hoosiermania.com
tojoglamping.com
tdhthailand.com
xn--vh3bo2id9pa.com
jn-mcdicai.com
toptanmaskesatinal.net
qwikley.com
checkbot.info
faisalmian.com
jeparlelafrance.net
jbwebradio.com
fraudcox.com
panda-destek2020.com
bootyyash.com
zgsyct.com
michelleandernesto.com
digitalallianceap.net
luxuryresortranch.com
cru5.com
digitalmedicalgroup.com
radicaleco.email
kadykaboutiques.com
hiphopjefe.com
zechenturm.com
cashflowplatformplan.com
kuppers.info
andreavermiglio.com
Targets
- Target: 50% payment.exe (Size 1MB; MD5, SHA1, SHA256 and SHA512 identical to the values listed under General)
- Signatures:
  - Xloader Payload
  - Deletes itself
  - Suspicious use of SetThreadContext