General
Target: 14500.50.Deposit.exe
Size: 712KB
Sample: 210505-3g7encpe7x
MD5: 93b2ca391610d14085551d30b9b4dba8
SHA1: 55e76c4988018dc93df899e2cda607418325910b
SHA256: 6bd5e5d02430922bfce2893c805028ae0374fee203235b379856f8bc5f574a76
SHA512: c5f5f4a69885763a1fb620ff3aedc2abb76d648fe521c30bfdd9577e7e682c9343038db9ea640d6016813cab2c791a4caf1b2fc5bd24ae41cbfc1f70ba5f40a1

Static task: static1
Behavioral task: behavioral1
Sample: 14500.50.Deposit.exe
Resource: win7v20210408

Malware Config
Extracted family: xloader
Version: 2.3
C2: http://www.torontoroots.com/bfos/
Targets
Target: 14500.50.Deposit.exe
Signatures:
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext