General
Target: file.exe
Size: 207KB
Sample: 210503-vg1lhcscde
MD5: 849068f05dc88d85058a3097c1679248
SHA1: 072f1feb4eda0ef732007d5e0c783738e3803ca4
SHA256: a50394b33bb3fcf6c7413c2d5ba949329430d46b8e8870a9e26b8c65abd8598d
SHA512: 83e55e4807dcb18eacede1999014f977324eb217e5de556c7c2537ccb1c95f00fbd1285a1a9cc406934ee485d6c55ec20e579d7117c1f908991b251456b068bf
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7v20210408

Malware Config
Extracted: xloader (version 2.3)
URL: http://www.citestaccnt1597666144.com/ud9e/
Targets
- Xloader Payload
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext