General
Target: ادائیگی کی کاپی 02604021.exe
Size: 651KB
Sample: 210426-57fhrl6kan
MD5: ca2ef02d49dbcfcb00c8c52003404fff
SHA1: 4f1d328e01db016d4b66ffd6cfacf2ae31604f95
SHA256: bcf09c801e101acbaa20ef272f86c7eac2c311bf20c6a5b6e245fc0b92be576e
SHA512: 3370b3e40fe7fb06a7456fd0a23691cd922e5a34f37a16275990db3d838c587aba19ec744cf4894a4614660489c9ae22fda876b2f1711d2ea36ce40adb8bb699
Static task: static1
Behavioral task: behavioral1
Sample: ادائیگی کی کاپی 02604021.exe
Resource: win7v20210410
Malware Config
Extracted: xloader 2.3
Targets
Xloader Payload
Deletes itself
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Suspicious use of SetThreadContext