General
Target: 1947e7b9_by_Libranalysis
Size: 26KB
Sample: 210506-fqa6nlnwwe
MD5: 1947e7b98854c8e957127c460b86c1d6
SHA1: 70b1a059d1a878dd08abe9dea710d62c8cf39fda
SHA256: e780b5cbe2ab50bdc79704182dd268becbcb29f6b9865edf684e67c9b364775e
SHA512: 4abbb2811e145bcb11a0b38a76a1db5bee53801aeac46f0188c255f9e1b1a59b5654bdb93adf7ba5170495e0e735dbc6e23932dfbb7b77dbf24007e709d184f7

Static task: static1
Behavioral task: behavioral1
Sample: 0e312eccc907155b510e531e9519ede3e44ee79a67cb5dba0f3a0c39e9a3d083.bin.exe
Resource: win7v20210410

Malware Config
Extracted: xloader 2.3
http://www.innovativevan.com/i8be/
Targets
Target: 0e312eccc907155b510e531e9519ede3e44ee79a67cb5dba0f3a0c39e9a3d083.bin
Size: 76KB
MD5: 1670bb70c724ff6142617ac83676b3a0
SHA1: 7bfd700d81d79b06d82c83d5f78a41990c6c391e
SHA256: 0e312eccc907155b510e531e9519ede3e44ee79a67cb5dba0f3a0c39e9a3d083
SHA512: 052a570f26c74a0982010b1f2b7caca42bb706a8ade59b5cdde4020fb1aa65bea3001b5b8ff23e95cd7f79a37ee0f908e05800f5f06eccf3e24a27c679bb29ae

Signatures
- Xloader Payload
- Checks QEMU agent file: checks presence of QEMU agent, possibly to detect virtualization.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext