General
Target: PURCHASE CONTRACT #GJPL1202 2021-22PDF.exe
Size: 923KB
Sample: 210624-9ryhhm27ds
MD5: 8eb4085101f4cc1f78bde6323c2cf954
SHA1: 2162c6fa8a2c278b2a6aeea2491ea62eea56e5c4
SHA256: 00139ffbc60ffd8c46045238f984371a7cd5dd8a9c0f39af10eb0512bb82a40a
SHA512: 56b1a44c974d1635e0daf84b7038ab8e6672b0dc74eb41609c2467a09e2f22b59bb34be7ba0c92623685d845228874c5378d157c299bdc7081aef60bf7919e03
Static task: static1
Behavioral task: behavioral1
Sample: PURCHASE CONTRACT #GJPL1202 2021-22PDF.exe
Resource: win7v20210410
Malware Config (extracted)
Family: xloader
Version: 2.3
C2: http://www.xgegqs.com/gscc/
Targets
Target: PURCHASE CONTRACT #GJPL1202 2021-22PDF.exe (hashes as listed under General above)
Signatures:
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext