General
- Target: sa.exe
- Size: 841KB
- Sample: 210506-235j6f91n2
- MD5: 0aecf41f923bf5cd728a670757af61ed
- SHA1: 57aba2a76789f270cc3a78903c1cd54ec15d2080
- SHA256: c6f11920b2ae7f0255d65e4b04f9944247438ee4d346dc4745f50602df41007b
- SHA512: ec827ca487e09e6e74451b0002c9769f882c1a162d0a0f2cfcecf7e6c3b9f2880ff7d25b8114351114a3f8bd6a83383cca183fbe44ea2db353eba10ceba2caf3
Static task: static1
Behavioral task: behavioral1
Sample: sa.exe
Resource: win7v20210410
Malware Config
Extracted: xloader 2.3
http://www.cats16.com/8u3b/
Targets
- Target: sa.exe
- Size: 841KB
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext