General

Target: code E05.exe
Size: 874KB
Sample: 210818-66yr5enszj
MD5: d342d2101b2e0aeb494f314db2c9f601
SHA1: 411dc7844bfcd0c2a15a0e55bf99450f87b15f0f
SHA256: c43451d310a9e29209b9658e9ae37da0e69a43699a910dd5904e4a7ea9b6e68d
SHA512: da9b446241d8c728229285cbed06281bfa439f4179c6facd1a8e2b73b6d83f3a7ee9567247495bdc412d90bfad8d303b60cbec8b22e5f5e3e8a891931942be84
Static task: static1
Behavioral task: behavioral1 (sample: code E05.exe, resource: win7v20210410)
Malware Config

Extracted
Family: xloader
Version: 2.3
Campaign ID (also the C2 URL path): be4o
C2: http://www.wapteas.com/be4o/
Decoy domains: the remaining entries are not C2 infrastructure. Xloader (Formbook) carries a list of legitimate domains and beacons to them alongside the real C2 to mask which host is live, so a request to one of these domains is only meaningful hunt evidence when it carries the campaign path (/be4o/); traffic to them without that path is most likely ordinary browsing.
gosth-kitchen.com
300coin.club
mdseenergys.com
weizhong.asia
pixorum.com
rdchicken.com
beverlyhills-mc.com
voteelliot.com
noithatsongtung.com
bestiepetinsurance.net
pannacottagames.com
materaweddings.com
kryodry.com
hardlikeaboss.com
fnhope.com
blun33.com
rentmystuff.pro
maimaimaoba.com
caneteperu.com
lata-gouveia.com
algacpe.com
butoocnc.com
rejallacloud.com
dreamboatco.com
arielpt.com
globeairmx.com
exceptionalrenovationscorps.com
thehustlern.com
jbfalandays.net
stadefrancaisparis.com
silverimagestudios.com
firebirdpodcast.com
6jianwang.com
teasyou.com
blackflytienda.com
jslkdq88.com
omegaceviz.xyz
hbcuwomenlead.com
erectumupper.com
rishushrivastava.com
greatestmeacademy.com
karmartbuybackevent.com
bossbussy.com
theclevelandhouses.com
strangefruit.world
marijuanachoices.com
thedarkmatterseries.com
lasantaclothing.com
advogadosmmf.com
fahlstromfarms.com
sandiegogullshockey.com
sanhuting.com
myetricks.com
sowingpen.com
xmuhasebe.com
prolyricss.com
hendrickson-remodeling.com
flufftopia.info
fiestajoy.com
behcomedikal.com
enterpressence.com
retrofrolic.com
amazon-i3.com
imi93.com
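Turning the extracted config into hunt logic, as an added example that is not part of the sandbox report: the script parses the config block above (copied here whitespace-separated rather than one domain per line), classifies requests by C2 host, decoy host and the /be4o/ campaign path, and checks a file's digests against the hashes reported above. The proxy log format (timestamp, source IP, method, URL, status) and the log lines are constructed for illustration.

```python
"""Hunt logic built from the Xloader 2.3 config extracted above.

Added example for this page, not part of the sandbox report. The config
values and sample hashes are copied from the report; the proxy log lines
are constructed for illustration and the log format is assumed.
"""
import hashlib
from urllib.parse import urlparse

# Config copied from the report: family, version, campaign id, C2 URL, then
# the 64 decoy domains (whitespace-separated here; the report lists one per line).
CONFIG_TEXT = """
xloader 2.3 be4o http://www.wapteas.com/be4o/
gosth-kitchen.com 300coin.club mdseenergys.com weizhong.asia pixorum.com rdchicken.com
beverlyhills-mc.com voteelliot.com noithatsongtung.com bestiepetinsurance.net pannacottagames.com materaweddings.com
kryodry.com hardlikeaboss.com fnhope.com blun33.com rentmystuff.pro maimaimaoba.com
caneteperu.com lata-gouveia.com algacpe.com butoocnc.com rejallacloud.com dreamboatco.com
arielpt.com globeairmx.com exceptionalrenovationscorps.com thehustlern.com jbfalandays.net stadefrancaisparis.com
silverimagestudios.com firebirdpodcast.com 6jianwang.com teasyou.com blackflytienda.com jslkdq88.com
omegaceviz.xyz hbcuwomenlead.com erectumupper.com rishushrivastava.com greatestmeacademy.com karmartbuybackevent.com
bossbussy.com theclevelandhouses.com strangefruit.world marijuanachoices.com thedarkmatterseries.com lasantaclothing.com
advogadosmmf.com fahlstromfarms.com sandiegogullshockey.com sanhuting.com myetricks.com sowingpen.com
xmuhasebe.com prolyricss.com hendrickson-remodeling.com flufftopia.info fiestajoy.com behcomedikal.com
enterpressence.com retrofrolic.com amazon-i3.com imi93.com
"""

# Sample hashes as reported above, for confirming you hold the same file.
REPORT_HASHES = {
    "md5": "d342d2101b2e0aeb494f314db2c9f601",
    "sha1": "411dc7844bfcd0c2a15a0e55bf99450f87b15f0f",
    "sha256": "c43451d310a9e29209b9658e9ae37da0e69a43699a910dd5904e4a7ea9b6e68d",
}


def parse_config(text):
    """Split the flattened config: four fixed fields, then the decoy list."""
    tokens = text.split()
    if len(tokens) < 5 or not tokens[3].startswith("http"):
        raise ValueError("unexpected config layout")
    family, version, campaign, c2 = tokens[:4]
    return {"family": family, "version": version, "campaign": campaign,
            "c2": c2, "decoys": tuple(tokens[4:])}


def normalize_host(host):
    """Xloader beacons to 'www.<domain>'; compare on the bare domain."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def classify_request(url, cfg):
    """Verdict for one URL, strongest first; None means nothing matched.

    Decoys are legitimate sites, so a decoy host without the campaign path
    is weak evidence, as is the campaign path on a host not in the config.
    """
    u = urlparse(url)
    host = normalize_host(u.hostname)
    on_path = u.path.startswith(f"/{cfg['campaign']}/")
    if host == normalize_host(urlparse(cfg["c2"]).hostname):
        return "c2_beacon" if on_path else "c2_host"
    if host in cfg["decoys"]:
        return "decoy_beacon" if on_path else "decoy_host"
    return "campaign_path" if on_path else None


def scan_log(log_text, cfg):
    """Scan 'timestamp src_ip method url status' lines; return the hits."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        verdict = classify_request(parts[3], cfg)
        if verdict:
            hits.append({"src": parts[1], "url": parts[3], "verdict": verdict})
    return hits


STRONG = {"c2_beacon", "decoy_beacon"}


def infected_hosts(hits):
    """Source IPs that beaconed to the C2 or to a decoy on the campaign path."""
    return {h["src"] for h in hits if h["verdict"] in STRONG}


def hash_bytes(data):
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data):
    return hash_bytes(data) == REPORT_HASHES


CFG = parse_config(CONFIG_TEXT)

# Constructed proxy log: 10.0.0.15 beacons; 10.0.0.22 and 10.0.0.31 are noise.
LOG_LINES = """\
2021-08-18T10:01:02Z 10.0.0.15 GET http://www.wapteas.com/be4o/?id=1 200
2021-08-18T10:01:05Z 10.0.0.15 GET http://www.gosth-kitchen.com/be4o/?id=1 404
2021-08-18T10:01:07Z 10.0.0.15 GET http://www.pixorum.com/be4o/ 200
2021-08-18T10:01:09Z 10.0.0.22 GET http://www.stadefrancaisparis.com/news/ 200
2021-08-18T10:02:11Z 10.0.0.31 GET http://cdn.example.net/be4o/logo.png 200
2021-08-18T10:02:30Z 10.0.0.22 GET http://www.example.com/index.html 200
"""

if __name__ == "__main__":
    for hit in scan_log(LOG_LINES, CFG):
        print(hit["verdict"], hit["src"], hit["url"])
    print("infected:", sorted(infected_hosts(scan_log(LOG_LINES, CFG))))
```

Only the c2_beacon and decoy_beacon verdicts are treated as confirmed infections; decoy_host and campaign_path are kept as leads because the decoy domains are real sites that uninfected users visit, and a /be4o/ path on an unlisted host says nothing about this config.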
Targets

Target: code E05.exe (874KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)

Signatures
- Xloader Payload
- Blocklisted process makes network request
- Deletes itself
- Suspicious use of SetThreadContext (rewriting a suspended thread's context is the standard way to redirect execution into injected code, so this signature together with the blocklisted-process network activity points to the payload running from a second process)