General
-
Target
SecuriteInfo.com.W32.AIDetect.malware2.23778.32013
-
Size
208KB
-
Sample
210430-tgw5j2sfr6
-
MD5
cc10e107d3dda5d8f78c1ecbd1cb5b2a
-
SHA1
f84f5268842991d4db24093bad17539bee29cb54
-
SHA256
5191f6a6fc1500632342d4820e8abd7c1d32c105f56399a2cece4e4db1fa77bb
-
SHA512
3aa55bbcb41b4daa54ed6e233f612458d3797b6605a99b5e2956ff2f9e52e21c13ee2ac868e4cef221c7a5836aed6e865ebedfafacb09ce9f85f1cfb9eee9e01
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.W32.AIDetect.malware2.23778.32013.exe
Resource
win7v20210408
Malware Config
Extracted
xloader
2.3
http://www.onyxcomputing.com/u8nw/
constructionjadams.com
organicwellnessfarm.com
beautiful.tours
medvows.com
foxparanormal.com
fsmxmc.com
graniterealestategroup.net
qgi1.com
astrologicsolutions.com
rafbar.com
bastiontools.net
emotist.com
stacyleets.com
bloodtypealpha.com
healtybenenfitsplus.com
vavadadoa3.com
chefbenhk.com
dotgz.com
xn--z4qm188e645c.com
ethyi.com
farrellforcouncil.com
everythingcornea.com
pensje.net
haichuanxin.com
codeproper.com
beautyblvdca.com
namastecarrier.com
xtrator.com
alphabrainbalancing.com
sensationalcleaningservices.net
magistv.info
shotsbynox.com
zioninfosystems.net
yourstoryplace.com
ebmulla.com
turkeyvisa-government.com
albertsonsolutions.com
7brochasmagicas.com
revolutiontourselsalvador.com
eastboundanddowntrucking.com
jkskylights.com
ultimatepoolwater.com
diurr.com
investmentfocused.com
dogscanstay.com
inov8digital.com
paragoncraftevents.com
reservesunbeds.com
melaniesalascosmetics.com
vissito.com
axolc-upoc.xyz
customessayjojo.com
kladki.com
online-securegov.com
xn--demirelik-u3a.com
plgmap.com
contorig2.com
dgyzgs8.com
valuedmind.com
sanacolitademarijuana.com
xn--6j1bs50berk.com
labkitsforstudents.com
lifehakershagirl.online
candidanddevout.com
Targets
-
-
Target
SecuriteInfo.com.W32.AIDetect.malware2.23778.32013
-
Size
208KB
-
MD5
cc10e107d3dda5d8f78c1ecbd1cb5b2a
-
SHA1
f84f5268842991d4db24093bad17539bee29cb54
-
SHA256
5191f6a6fc1500632342d4820e8abd7c1d32c105f56399a2cece4e4db1fa77bb
-
SHA512
3aa55bbcb41b4daa54ed6e233f612458d3797b6605a99b5e2956ff2f9e52e21c13ee2ac868e4cef221c7a5836aed6e865ebedfafacb09ce9f85f1cfb9eee9e01
-
Xloader Payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-