General
Target: svch.exe
Size: 579KB
Sample: 210421-lx8ns5vbna
MD5: a750b5c841200037a4e03a27ba5a6382
SHA1: d795e2443adfd4c9c1c10fbce9df60551a11c464
SHA256: 08a758993c43a321076d8bbc7d9352f1affee8ae44db80c1cf2ced2e6f2cfed2
SHA512: 0f1dc2653fe7349620057fd523a17dad0d84f46e8f3f15685dcfd8114b347e2d8515197a9838fd5114fa3f45c09952998b086698f630c90605ec4677f25809df

Static task: static1
Behavioral task: behavioral1
Sample: svch.exe
Resource: win7v20210408
Malware Config
Extracted: xloader, version 2.3
C2 URL: http://www.xiangnanxiang.com/nqs9/
Domains (an XLoader config carries a decoy domain set next to the real C2; treat the URL above as the live C2 and the domains below as decoys that the sample also contacts, so they are still useful for attribution and blocking but are not necessarily attacker-controlled):
vescuderoabogados.com
reednorth.com
zoeyline.com
kittenclub.online
srichinstest2blog.com
wide-house.com
highandmightycornwhiskey.com
investmentbankersroundtable.com
godnomics.com
lynperformancetraining.com
alitafinance.com
cristinaandmore.com
sexyseniors.directory
p1monline.com
followingsharks.com
lurkwood.com
shopnayzierose.com
didsss.com
christophergagnon.com
bestpreschoolinorlando.com
brownboxtape.com
marketing-unplugged.com
freesarasotahomevalue.com
global-netflix.com
thetopwinners.com
realtortool.info
forling-humanresources.com
orang-id1002.club
7evensigns.com
jetbacks.com
nexosguatemala.com
studioterauds.com
anglediffer.guru
rockthelist.com
uraiy.com
inmobiliariakdna.com
sovedio.com
ydchat.com
anth74.com
familyfirstiaportal.com
bendpakorlando.com
smartmep.ltd
chaturbatelink.com
evenlightwellness.store
tcs-performance.com
vitarusclinic.online
mypetresorts.com
rebeccalchristophiwrites.com
fishfortuneproduction.com
proimagines.icu
drinkjawdrop.com
hillside-haven.com
goodmanstunts.com
capitalgainsreinvestment.com
xn--sueocapitalino-snb.com
extensionesweb.com
demetriusshipp.com
lifeplanportal.com
bestcovid-19treatment.info
gmcworktrucksandvans.com
commagx4.info
engineersuniversity.com
mkspilton.xyz
flifejourney.com
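The following is an added example, not code from the sandbox report or from any XLoader tooling. It shows how a practitioner would turn the extracted configuration above into usable IOCs and check that a local copy of svch.exe is really the sample this report describes: it parses the flattened "Extracted" block in the exact layout shown on the page (family, version, C2 URL, then one domain per line), applies the C2 URI path to every listed domain (XLoader/Formbook beacons to its real C2 and to decoys from the embedded list using the same path, so a blocklist built from the first URL alone misses the rest of the sample's traffic), and streams a file through the four digests the report uses. All function names (`parse_config`, `expand_iocs`, `hash_file`, `verify_sample`) and the `CONFIG_TEXT` constant are this example's own; `CONFIG_TEXT` is a constructed subset of the page's domain list, and the hashes in `REPORT_HASHES` are copied from the General section.

```python
"""IOC helper for the XLoader 2.3 config in this report (added example)."""
import hashlib
from urllib.parse import urlsplit

# Hashes copied from the report's "General" section.
REPORT_HASHES = {
    "md5": "a750b5c841200037a4e03a27ba5a6382",
    "sha1": "d795e2443adfd4c9c1c10fbce9df60551a11c464",
    "sha256": "08a758993c43a321076d8bbc7d9352f1affee8ae44db80c1cf2ced2e6f2cfed2",
    "sha512": "0f1dc2653fe7349620057fd523a17dad0d84f46e8f3f15685dcfd8114b347e2d"
              "8515197a9838fd5114fa3f45c09952998b086698f630c90605ec4677f25809df",
}

# Constructed input: the first lines of the page's "Extracted" block, in the
# flattened layout the report uses. Paste the full domain list here for real use.
CONFIG_TEXT = """xloader
2.3
http://www.xiangnanxiang.com/nqs9/
vescuderoabogados.com
reednorth.com
zoeyline.com
"""


def parse_config(text: str) -> dict:
    """Parse the extractor's flattened output: family, version, C2 URL, domains."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 3:
        raise ValueError("config block needs family, version and C2 URL")
    family, version, c2 = lines[0], lines[1], lines[2]
    if not c2.startswith(("http://", "https://")):
        raise ValueError(f"expected a C2 URL on line 3, got {c2!r}")
    return {"family": family, "version": version, "c2": c2, "domains": lines[3:]}


def expand_iocs(config: dict) -> list:
    """Return the C2 URL plus the same URI path applied to every listed domain.

    XLoader/Formbook sends its beacons to the real C2 and to decoy domains
    with the same path, so the expanded list is what a proxy/IDS should match.
    """
    parts = urlsplit(config["c2"])
    path = parts.path or "/"
    urls = [config["c2"]]
    for dom in config["domains"]:
        urls.append(f"{parts.scheme}://{dom}{path}")
    return urls


def hash_file(path: str) -> dict:
    """Stream the file once through all four digests used by the report."""
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def verify_sample(path: str) -> dict:
    """Compare a local file with the report; True per algorithm on a match."""
    actual = hash_file(path)
    return {name: actual[name] == expected for name, expected in REPORT_HASHES.items()}


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(f"{cfg['family']} {cfg['version']}: {len(cfg['domains'])} domains in config")
    for url in expand_iocs(cfg):
        print(url)
```

Run it against the full domain list to get a complete URL blocklist for this sample; `verify_sample("svch.exe")` returning all-True confirms the file on disk is the one the report analysed, while any False means the report does not apply to that file.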
Targets
Target: svch.exe (579KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signature hits:
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext (consistent with thread hijacking or process hollowing to inject the payload into another process)