General
Target: GLqbDRKePPp16Zr.exe
Size: 699KB
Sample: 210507-3mc9fyvpen
MD5: bbe5641d7a7fbbe17e103522c9ead66c
SHA1: 74fef268b5da950ffe194927129c707c37fd7347
SHA256: 4c6e43c5746182cb3cf7e928fda456101b27c8c4d277658540912500d4b06239
SHA512: 7aa17f1f507cf49067f033b0e95ef456f607c85422bc925a761716d1f60dab8d1525a70ce0acfd73d23289d3bc3255fa51513b7622aaf2278f80dfd6667bd64d
Static task: static1
Behavioral task: behavioral1 (sample GLqbDRKePPp16Zr.exe, resource win7v20210408)
Malware Config
Extracted: xloader 2.3
C2: http://www.swi.tours/bmfb/
Decoy domains (Xloader, like Formbook before it, embeds a long list of decoy domains alongside its single live C2 so the real server is hard to pick out of captured traffic; most decoys are legitimate, unrelated sites, so treat them as low-confidence indicators and do not blocklist them wholesale):
arizonaparaprofessional.com
squareworld.club
30acresondittman.info
knowthesolution.com
contigo-psicologia.com
and.today
celticjasmine.icu
staysafescotland.com
chicksgogo.com
beconfidentagain.com
bunies3.com
klpj-estate.com
jamarp.net
ortigiarealty.com
buildurbudget.com
kenttreesurgery.com
exportproducers.com
handesanitzer.com
ivanramirez11.com
clairezolkwer.com
changeagentgroups.com
clouddistributioninc.com
drinksturs.com
betacolorusa.com
meipom.com
thejesusfanclub.com
funkydemo.com
mywiseguru.com
ourfamiliestoday.com
diesdasasanas.com
devaquetsitusavais.com
bide168.com
lightningfastcharger.com
thechangobotanica.com
wvpvkmzxa.com
takeka.com
quinfootwear.com
neoliderazgo.com
solidapis.com
netoyou.com
betterdaysahead.info
punkting.com
lqhomesdesign.com
theradiantteam.com
excelsiorsupplyco.com
fastcustomsign.com
flipkart.media
proudlabel.net
irynazoomba.com
ww-er.com
cribized.com
blueonlinestore.com
bidentrumpsall.com
legioonstore.com
ljurl.com
vanessahugginsenglish.com
bucktoothhook.com
headbubba.com
cronutsfactory.com
powerbikemonkey.com
washedauto.com
attots.net
schouteninstitute.com
accesoriosstore.com
Targets
Target: GLqbDRKePPp16Zr.exe (699KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures:
- Xloader Payload
- Deletes itself (the original executable removes itself after running, an anti-forensics step)
- Suspicious use of SetThreadContext (setting the context of a suspended thread in another process is how hollowed or injected code is handed control; legitimate software rarely does this)
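Reports in this flattened form are awkward to work with by hand: one field name per line, its value on the next, stray "-" bullets, and a config block whose first URL is the live C2 while the bare hostnames after it are decoys. The parser below is an added example, not part of the original report or of any sandbox vendor's tooling. It assumes exactly the layout shown on this page, embeds an abridged copy of the report text as constructed test input, validates hash lengths, requires the hashes repeated in Targets to match those in General, and splits the network indicators so that only the C2 is marked for blocking while the decoys are alert-only and defanged for safe pasting.

```python
"""Parse a flattened Xloader sandbox report into structured, defanged IOCs."""
import re

HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
SCALAR_FIELDS = ("Target", "Size", "Sample") + tuple(HASH_LENGTHS)
HEX = re.compile(r"^[0-9a-f]+$")
HOSTNAME = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}$", re.I)

# Abridged copy of the report text above (constructed test input; the real
# decoy list runs to roughly 65 domains, three are enough to exercise the parser).
REPORT = """\
General
-
Target
GLqbDRKePPp16Zr.exe
-
Size
699KB
-
MD5
bbe5641d7a7fbbe17e103522c9ead66c
-
SHA256
4c6e43c5746182cb3cf7e928fda456101b27c8c4d277658540912500d4b06239
Malware Config
Extracted
xloader
2.3
http://www.swi.tours/bmfb/
arizonaparaprofessional.com
squareworld.club
flipkart.media
Targets
-
Target
GLqbDRKePPp16Zr.exe
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
"""


def defang(indicator):
    """Neutralise a URL or hostname so it cannot be clicked when pasted into a ticket."""
    return indicator.replace("http", "hxxp").replace(".", "[.]")


def parse_report(text):
    """Walk the one-field-per-line layout; '-' lines are bullet residue and are dropped."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    report = {"hashes": {}, "decoys": [], "signatures": []}
    section = "general"
    i = 0
    while i < len(lines):
        line = lines[i]
        if line in ("Malware Config", "Targets"):
            section = line
            i += 1
        elif section == "Malware Config":
            if line == "Extracted":  # family and version follow on the next two lines
                report["family"], report["version"] = lines[i + 1], lines[i + 2]
                i += 3
                continue
            if line.startswith(("http://", "https://")):
                report.setdefault("c2", line)  # first URL is the live C2, the rest are decoys
            elif HOSTNAME.match(line):
                report["decoys"].append(line)
            i += 1
        elif line in SCALAR_FIELDS and i + 1 < len(lines):
            value = lines[i + 1]
            if line in HASH_LENGTHS:
                if len(value) != HASH_LENGTHS[line] or not HEX.match(value):
                    raise ValueError(f"malformed {line}: {value}")
                if report["hashes"].get(line, value) != value:  # Targets repeats the hashes
                    raise ValueError(f"{line} differs between General and Targets")
                report["hashes"][line] = value
            else:
                report[line.lower()] = value
            i += 2
        else:
            if section == "Targets":  # whatever is left in Targets is a signature name
                report["signatures"].append(line)
            i += 1
    return report


def triage_indicators(report):
    """Block only the live C2; decoys are mostly legitimate sites, so they get alert-only."""
    rows = [{"indicator": defang(report["c2"]), "role": "c2", "action": "block"}]
    rows += [{"indicator": defang(d), "role": "decoy", "action": "alert"} for d in report["decoys"]]
    return rows


if __name__ == "__main__":
    parsed = parse_report(REPORT)
    print(parsed["family"], parsed["version"], parsed["hashes"]["SHA256"])
    for row in triage_indicators(parsed):
        print(f'{row["action"]:5} {row["role"]:5} {row["indicator"]}')
```

Run against the full report text, the script yields one "block" row for the C2 and one "alert" row per decoy; feeding the alert rows into a blocklist rather than a watchlist would knock out legitimate sites such as those in the list above, which is the point of keeping the two roles apart.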