General
Target: da.exe
Size: 875KB
Sample: 210511-2ny5nlshzx
MD5: 9fdf605ce0358540d48502367e637b0a
SHA1: 1416ebf9b0382a8794bb89f5ee947ec668ce7fdb
SHA256: df22601db1675ce639bc8efe21534f7371050ae9637f6cdf38bc23ae6c18efdf
SHA512: a194aba3f8c20669ff741ccb59ce7b7023123e1e7984d6d6306a9099d78775ba7bdb92691c26b39522ede6f799f34e96d6b14db1e66429bea26077b95e805bf7
Static task: static1
Behavioral task: behavioral1 (Sample: da.exe, Resource: win7v20210408)
Behavioral task: behavioral2 (Sample: da.exe, Resource: win10v20210408)
Malware Config
Extracted
Family: xloader
Version: 2.3
C2: http://www.cats16.com/8u3b/
Decoy domains:
pipienta.com
wisdomfest.net
jenniferreich.com
bigcanoehomesforless.com
kayandbernard.com
offerbuildingsecrets.com
benleefoto.com
contactlesssoftware.tech
statenislandplumbing.info
lifestylemedicineservices.com
blazerplanning.com
fnatic-skins.club
effectivemarketinginc.com
babyshopit.com
2000deal.com
k12paymentcemter.com
spwakd.com
lesreponses.com
abundando.com
hawkspremierfhc.com
midwestmadeclothing.com
kamuakuinisiapa.com
swirlingheadjewelry.com
donelys.com
stiloksero.com
hoangphucsolar.com
gb-contracting.com
girlboyfriends.com
decadejam.com
glassfullcoffee.com
todoparaconstruccion.com
anygivenrunday.com
newgalaxyindia.com
dahlonegaforless.com
blue-light.tech
web-evo.com
armmotive.com
mollysmulligan.com
penislandbrewer.com
wgrimao.com
dxm-int.net
sarmaayagroup.com
timbraunmusician.com
amazoncovid19tracer.com
peaknband.com
pyqxlz.com
palomachurch.com
surfboardwarehouse.net
burundiacademyst.com
pltcoin.com
workinglifestyle.com
vickybowskill.com
ottawahomevalues.info
jtrainterrain.com
francescoiocca.com
metallitypiercing.com
lashsavings.com
discjockeydelraybeach.com
indicraftsvilla.com
tbq.xyz
arfjkacsgatfzbazpdth.com
appsend.online
cunerier.com
orospucocuguatmaca.com
Targets
Target: da.exe
Size: 875KB
MD5: 9fdf605ce0358540d48502367e637b0a
SHA1: 1416ebf9b0382a8794bb89f5ee947ec668ce7fdb
SHA256: df22601db1675ce639bc8efe21534f7371050ae9637f6cdf38bc23ae6c18efdf
SHA512: a194aba3f8c20669ff741ccb59ce7b7023123e1e7984d6d6306a9099d78775ba7bdb92691c26b39522ede6f799f34e96d6b14db1e66429bea26077b95e805bf7
Signatures:
Xloader Payload
Suspicious use of SetThreadContext