General

Target: sample2.zip
Size: 557KB
Sample: 210507-21d12nfg3e
MD5: 161cbd3f3248ee8eadcd9930ecc8859e
SHA1: 1b9f4bbc3ea7343be2a8c313de1220ebea756b70
SHA256: 9ed84f9f973b347f43b51d079a97623f4cc9f6d5a7b793e1593f26207101af3c
SHA512: 77fc79ca930e5d36a315f4ae845620c828a31bed6f4210a7d58d2fcaf56d1cc62969c0ac194446a21c42a22ce59270f10fc5076abdd133c12a65de76647cdd98

Static task: static1
Behavioral task: behavioral1
Sample: winlog.exe
Resource: win7v20210408
Malware Config

Extracted
Family: xloader
Version: 2.3
C2 URL: http://www.zlzntiayc.icu/a6ru/
Domains:
noseainsight.com
chateaudedigoine.com
tezhonda.com
lowergwyeneddmassage.com
convenienttext.com
quickbookaccountingpros.com
mashburneventcenter.com
marthabymsfashion.com
thearcadela.com
invisiblefingerprint.com
nikadoo.com
artsmartclinton.com
elitetouringinnovations.com
atualizarapp2020.com
nideke1.com
fyj-sh.com
rufflesales.com
algemixdelchef.com
appleoneplus.com
ryosuketanikawa.com
domainsforpharma.com
sxhsti.com
squeakyslimes.com
theccmsacademy.com
ketquavip1.net
hstchwritr.com
cabinettec.com
iiscoder.com
ozdjservices.com
needscheck.com
hammocksrecovery.com
thedaiquiriexplosion.com
tantricgirlclothing.com
stealthpup.com
homehunters-eg.com
buffaloce.com
resilientquality.com
020view.com
cheapyetihats.com
allamericanqueens.com
massagerest.com
photogenic.homes
globalcheapflights.net
kuppers.info
redfiendpub.com
nrbadvogados.com
nighthawkmediagroup.com
gilsilva022pro.com
healthpossibilities.com
japlasmartshop.com
6927199.com
pizzanpickle.com
schnitzel.party
spkariyer.com
amsterdambrownies.com
laboratorioinfodigital.com
retailmedicaldepot.com
registeraccountants.amsterdam
khadeidralegendre.com
indialearninghub.com
xinjidf.com
thehawkproz.com
shpmtents14.com
kelaskaya.com
Targets

Target: winlog.exe
Size: 696KB
MD5: 5d2f26ac6b48725279d98aa87eff8506
SHA1: 7ab3874eb9d316a503133367b12d3628e6dbe264
SHA256: 06bed76c389db454d5b86a64bf7127a21c013b48d79b3b83511263c424f5cf65
SHA512: e81c607ee870bde0e5a84714f1634e19f6959d1f46a4d5ffea2baeba241712ca4f2e2bdf4f6c8794db7b35216ded5d52743b7faac75d3382dd58f88e24294e41

Signatures
Xloader Payload
Deletes itself (the executable removes its own file after running, so recover the binary from the delivery archive rather than expecting it on disk)
Suspicious use of SetThreadContext (setting another thread's context is the step that redirects a suspended thread into injected code in process hollowing and similar injection techniques)
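The indicators in this report (the C2 URL, the domain list, and the file digests) are usable directly for hunting. The following script is an added example, not tooling from the sandbox or the report: it copies the indicators from the page and matches them against proxy-log lines and file hashes. The log format ("timestamp client method url status") and the log lines themselves are constructed for the example; the classification of host-plus-path hits as "c2" and bare domain hits as "domain" is my own convention.

```python
"""Match the Xloader 2.3 indicators from the report above against proxy-log
lines and file digests. Added example; not the sandbox's own tooling."""
import hashlib
from urllib.parse import urlsplit

# Copied from the extracted config above: the C2 URL and the domain list.
C2_URL = "http://www.zlzntiayc.icu/a6ru/"
DOMAINS = {
    "noseainsight.com", "chateaudedigoine.com", "tezhonda.com", "lowergwyeneddmassage.com",
    "convenienttext.com", "quickbookaccountingpros.com", "mashburneventcenter.com",
    "marthabymsfashion.com", "thearcadela.com", "invisiblefingerprint.com", "nikadoo.com",
    "artsmartclinton.com", "elitetouringinnovations.com", "atualizarapp2020.com", "nideke1.com",
    "fyj-sh.com", "rufflesales.com", "algemixdelchef.com", "appleoneplus.com",
    "ryosuketanikawa.com", "domainsforpharma.com", "sxhsti.com", "squeakyslimes.com",
    "theccmsacademy.com", "ketquavip1.net", "hstchwritr.com", "cabinettec.com", "iiscoder.com",
    "ozdjservices.com", "needscheck.com", "hammocksrecovery.com", "thedaiquiriexplosion.com",
    "tantricgirlclothing.com", "stealthpup.com", "homehunters-eg.com", "buffaloce.com",
    "resilientquality.com", "020view.com", "cheapyetihats.com", "allamericanqueens.com",
    "massagerest.com", "photogenic.homes", "globalcheapflights.net", "kuppers.info",
    "redfiendpub.com", "nrbadvogados.com", "nighthawkmediagroup.com", "gilsilva022pro.com",
    "healthpossibilities.com", "japlasmartshop.com", "6927199.com", "pizzanpickle.com",
    "schnitzel.party", "spkariyer.com", "amsterdambrownies.com", "laboratorioinfodigital.com",
    "retailmedicaldepot.com", "registeraccountants.amsterdam", "khadeidralegendre.com",
    "indialearninghub.com", "xinjidf.com", "thehawkproz.com", "shpmtents14.com", "kelaskaya.com",
}
# File digests from the report: sample2.zip and winlog.exe.
HASH_IOCS = {
    "md5": {"161cbd3f3248ee8eadcd9930ecc8859e", "5d2f26ac6b48725279d98aa87eff8506"},
    "sha256": {
        "9ed84f9f973b347f43b51d079a97623f4cc9f6d5a7b793e1593f26207101af3c",
        "06bed76c389db454d5b86a64bf7127a21c013b48d79b3b83511263c424f5cf65",
    },
}

_c2 = urlsplit(C2_URL)
# Match the C2 on its registered domain, so "zlzntiayc.icu" and "www.zlzntiayc.icu" both hit.
C2_DOMAIN = _c2.hostname[4:] if _c2.hostname.startswith("www.") else _c2.hostname
C2_PATH = _c2.path


def under(host, domain):
    """True if host equals domain or is a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify_url(url):
    """Return "c2" for the C2 domain with the C2 path, "domain" for any listed
    domain (subdomains included), else None. Port and trailing dot are ignored."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")   # .hostname is already lower-cased, port removed
    if not host:
        return None
    if under(host, C2_DOMAIN):
        return "c2" if parts.path.startswith(C2_PATH) else "domain"
    if any(under(host, d) for d in DOMAINS):
        return "domain"
    return None


def scan_proxy_log(lines):
    """Constructed log format: '<timestamp> <client-ip> <method> <url> [status]'."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue
        kind = classify_url(fields[3])
        if kind:
            hits.append({"line": n, "client": fields[1], "url": fields[3], "kind": kind})
    return hits


def file_hashes(data):
    """Digests in the same four algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


def matching_hash_algs(digests):
    """Algorithms whose digest equals one of the hashes in the report."""
    return sorted(alg for alg, hexd in digests.items() if hexd.lower() in HASH_IOCS.get(alg, ()))


SAMPLE_LOG = [  # constructed lines, not traffic from the sandbox run
    "2021-05-07T21:03:11Z 10.0.0.5 GET http://www.zlzntiayc.icu/a6ru/?id=abc 200",
    "2021-05-07T21:03:12Z 10.0.0.5 GET http://www.zlzntiayc.icu/ 404",
    "2021-05-07T21:03:14Z 10.0.0.5 POST http://mail.thearcadela.com:8080/a6ru/ 200",
    "2021-05-07T21:03:15Z 10.0.0.9 GET https://example.com/ 200",
    "2021-05-07T21:03:16Z 10.0.0.5 GET http://ZLZNTIAYC.ICU./a6ru/ 200",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

Matching on the registered domain rather than the exact host, and normalising case, port and trailing dot, is what keeps the hunt from missing the same infrastructure written slightly differently in different log sources; a hit on any listed domain is worth triage, and a hit on the C2 host with the /a6ru/ path is the strongest signal on this page.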