General
Target: New Purchase Order.exe
Size: 691KB
Sample: 210507-26l6yrh78a
MD5: dd0f163ff1885ed5ead5e16be56f2cab
SHA1: 6d1b890762439f0373bbb42eda00f01a72fe09c1
SHA256: de6e847b93ec297fb3e0cf0122b1c36e22f76529455b487d35539dad407bb7ce
SHA512: 8681c64bc0ac2edc097a50533b1430851ae8c7b831032a7c11e5580caf0312041e56e369de84b6234041e148dbc7b8d2a7ebd9cef7b0b7df6e8c62ba7521131b
Static task: static1
Behavioral task: behavioral1
Sample: New Purchase Order.exe
Resource: win7v20210410
Malware Config
Extracted: xloader 2.3
http://www.1a595vkdjhtktj.xyz/e8bw/
Targets
Target: New Purchase Order.exe
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext