General
Target: c76f6b7b_by_Libranalysis
Size: 190KB
Sample: 210507-xp99h62wea
MD5: c76f6b7bd2dc1ee2e3ffe26de55140cd
SHA1: 63fad8df36ecca649ea23f1ff02338f21911025b
SHA256: feff12adf312ac89d4e5625650514d1fd28cb6ba417e3e27c45e4b1c5548cd68
SHA512: 1b4229675751da62e8cd45b1a1d2019de4a342b6fd52cf372c4291833153a4249b685989b681337ff01782fa33c8e062f33c36ada20f450023c90cca36315c49
Static task: static1
Behavioral task: behavioral1
Sample: New order.exe
Resource: win7v20210410
Malware Config
Extracted
xloader
2.3
http://www.onyxcomputing.com/u8nw/
Targets
Target: New order.exe
Size: 205KB
MD5: c30480523e2f0d910f78aea742cb9c3a
SHA1: 1edfdb02b75931f824ee82640283671be10398b4
SHA256: 2eb57ff3dfafc142e693dd878044f38cb02090cbef35246b2525d19abf0fbaf5
SHA512: ad5289ced6ec2757af225d7830cab9684ee6e2a00a2088626d29b1d100920fde69062932d351d9d4a946ca269f4ba89800ad2ba02c198940204f94584c63b94d
Xloader Payload
Deletes itself
Loads dropped DLL
Suspicious use of SetThreadContext