General
Target: NQBNpLezqZKv1P4.exe
Size: 697KB
Sample: 210722-mlj8aw97c2
MD5: f03bf8d3ecc2ae4b40f836c59ac09bdf
SHA1: 58f48a5a960eac4ee1f33ea16075cfd44f37b3a3
SHA256: 2e4cf88a434d484057fcc090cb7de5deb6d30c8e00da339c886f2482f6a7ebe1
SHA512: 9d174091b1bfb2e38da7cfb521bd5c6e471edb348e8e1c5cddd3b0784be6cd167617277c099d28927f97a24ee6a4e74d62e659dea23264d3c4ec738e6cee0255
Static task: static1
Behavioral task: behavioral1
Sample: NQBNpLezqZKv1P4.exe
Resource: win7v20210408
Malware Config
Extracted: xloader 2.3
http://www.extraclass.xyz/4nn8/
chamtowon.com
yaaquu.com
thepettybox.com
zrcezzfdfkyjlir.com
finalcutgrowshop.com
856381151.xyz
fbgroupsmadesimple.com
thinktank-texas.com
shoppingsys.com
natezubal.com
skyhighbud.com
toddlely.net
bachelor-boys.com
blogdepr.com
chuanyigou.com
photocouture-show.com
spacetasks.com
kureitall.com
qmcp00033.com
visiodaya.com
teleasistencianamaste.com
updates-app.com
marbleheadelementary.com
jameswilliamgordon.com
bouncingbellybeans.com
icloud-site-fd.com
hotradioarnhem.com
shengdagp.com
sickrime.com
17545bullock.com
cmovied.com
wwwpaturnoiketollbyplate.com
qphis.com
vhsstores.com
sorcierebienaimee.com
y7mioung.xyz
indianapartylines.com
fezze.info
uweup.com
xn--gestinvalenciana-9ub.com
creativeartaadda.com
cattedralidismeraldo.com
thecarestudio.com
etruruueurt.xyz
sidehustle.kiwi
hagumee.com
sdkqglgs.com
nirvananaturalcbd.net
grassth.com
zeugmagiftandmore.com
smartscene.club
chsecv.com
gettothecoast.com
whiskey-friends.com
ambernai.com
iregentos.info
sh-zzjy.com
boicity.com
sgtcsleathers.net
themixedveggies.com
greenbanc.net
papiempanadas.com
ndirxk.club
iafzal.com
Targets
Target: NQBNpLezqZKv1P4.exe
Size: 697KB
MD5: f03bf8d3ecc2ae4b40f836c59ac09bdf
SHA1: 58f48a5a960eac4ee1f33ea16075cfd44f37b3a3
SHA256: 2e4cf88a434d484057fcc090cb7de5deb6d30c8e00da339c886f2482f6a7ebe1
SHA512: 9d174091b1bfb2e38da7cfb521bd5c6e471edb348e8e1c5cddd3b0784be6cd167617277c099d28927f97a24ee6a4e74d62e659dea23264d3c4ec738e6cee0255
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext