General
Target: tgix.exe
Size: 1.1MB
Sample: 210506-a4wxhqscgx
MD5: 2e3f9f38f7cb188b1f25028061c75724
SHA1: 6fcc9441c9738e854d38e21a92a2a211049dc612
SHA256: b356ada562e3300d6a94806979b8920abbae8b40ff9ce89b5f5c2a10e0f970b0
SHA512: 046ccf12497f5a63a1033b83ecd0a390e1eb088d9bcb5636163b1bb4b5d4a1b04532c7497a27a18b01a6a70739bb72b211376e99bb3b5572a7ba83766ab75550
Static task: static1
Behavioral task: behavioral1
Sample: tgix.exe
Resource: win7v20210408
Malware Config
Extracted family: xloader
Version: 2.3
http://www.liancaiwangv5.com/oerg/
brightly-common.com
petwellness.pet
oldhamluxury.com
cmpembroidery.com
physicalrobot.com
irynazumba.com
testyourself11.com
theblacksportswoman.com
mottestertraining.agency
confrontinghate.info
tamiigun.com
pod14.club
implementnowsolutions.net
letsdance.website
cashforkeysdz.net
grupoprotecsasac.com
kol-lek-tiv.net
funeralhomesmaroail.com
lwfunding.com
junkglobal.com
planbeee.com
cloudfoodz.com
jalilvandconsulting.com
dsheatpumps.com
loisirdefense.com
kitchensavershop.com
smarthealthubclub.com
happyupa.com
hellonetworker.com
sparkyspizzaor.com
avenew.pro
onlineregular.com
lateliersensible.com
nhietluyen.com
magicclass.ltd
cactusrootspalmsprings.com
bodascivileshouston.com
manicolada.com
tabernacleenterprise.com
pbpurchase.com
senmec23.com
assetnj.com
eveningtaxservice.com
gufobardo.com
ertcfdg.xyz
sky-odhner.com
ventures-sellers.com
anquanbx.com
proteccare.com
imprussts.com
solentplanning.com
eskisla.com
sparktheblogbycirque.com
retailala.com
freeglobe.life
business247.space
rentwithdex.com
clipsq.com
taratakeson.com
mkdepannage.run
kjfdjdjkfkjejfdre.com
fayd000.icu
freejobsalertpk.com
innovision3d.com
Targets
Target: tgix.exe
Size: 1.1MB
MD5: 2e3f9f38f7cb188b1f25028061c75724
SHA1: 6fcc9441c9738e854d38e21a92a2a211049dc612
SHA256: b356ada562e3300d6a94806979b8920abbae8b40ff9ce89b5f5c2a10e0f970b0
SHA512: 046ccf12497f5a63a1033b83ecd0a390e1eb088d9bcb5636163b1bb4b5d4a1b04532c7497a27a18b01a6a70739bb72b211376e99bb3b5572a7ba83766ab75550
Signatures:
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext