General
-
Target
uiza7XkNGQPRQvb.exe
-
Size
693KB
-
Sample
210722-pxalea6csx
-
MD5
9d9f2d5ba71372d4bbd85a9088ba7bc7
-
SHA1
353192974e4f523bdcb472478e5a652e194c6481
-
SHA256
a6169937c872aefc3f1e5c13e40f05d9cb0cbba3a16490f134b810b47027b035
-
SHA512
7ea510bdc7057f5442055b8c36b329e8e0c68cdc2c0f93a693e69979307369d2eb662093ecc53ee6b03b2667598fa28b9d01ed15679f98fce2eec911e5c564a8
Static task
static1
Behavioral task
behavioral1
Sample
uiza7XkNGQPRQvb.exe
Resource
win7v20210410
Malware Config
Extracted
xloader
2.3
http://www.lapashawhite.com/p596/
ushistorical.com
lovepropertylondon.com
acupress-the-point.com
3772548.com
ambientabuse.com
primaveracm.com
themidwestmomblog.com
havasavunma.com
rockyroadbrand.com
zzphys.com
masque-inclusif.com
myeonyeokplus.com
linkernet.pro
zezirma.com
mysiniar.com
andreamall.com
mattesonauto.com
wandopowerinc.com
casaurgence.com
salishseaquilts.com
yourchanceisnow.com
tumulusresearch.com
blendandspend.com
pevention.com
cloudrevolutionawards.com
beadedbodied.com
marylandpaymentrelief.net
5935699.com
silverleafcompanies.com
slxxxhub.com
combatstriking.com
sex-shop.life
cuncunkan.com
italiamo-magagine.com
sfvoterguide.com
2012boulevard.com
mslookbook.com
897tj1.net
cgslnc.net
kashyaptalkz.com
researchcse.com
lunzhu168.com
mlfkt.com
customcardstudio.com
kirklandramblerforsale.com
magetu.info
wptheme247.com
purposedenver.com
journaldelaphotographie.com
yieldwadi.site
mobilefriendlysites.com
ocularjournal.com
consigli.energy
infintylights.com
itcohempproject.com
montcairo.net
allegrohascockroaches.com
flexbandofficial.com
greatindiapropertyshow.com
kabin-fever.com
designsoc.com
javlao.com
controltower.services
masihsarap.com
Targets
-
-
Target
uiza7XkNGQPRQvb.exe
-
Size
693KB
-
MD5
9d9f2d5ba71372d4bbd85a9088ba7bc7
-
SHA1
353192974e4f523bdcb472478e5a652e194c6481
-
SHA256
a6169937c872aefc3f1e5c13e40f05d9cb0cbba3a16490f134b810b47027b035
-
SHA512
7ea510bdc7057f5442055b8c36b329e8e0c68cdc2c0f93a693e69979307369d2eb662093ecc53ee6b03b2667598fa28b9d01ed15679f98fce2eec911e5c564a8
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-