General
Target: scan-0001098.exe
Size: 235KB
Sample: 210819-1lx8z71afn
MD5: 24147a6909f47667067a4598f50fdfc4
SHA1: 29d9b920365fd2092e2d2f2ebac159882e80cb8c
SHA256: 32ece49c018110f307142a5eff7d169e75731b059fbf81ac26f82aab4111b8c8
SHA512: e3ba24bd4fd68dee1ce7a17ece6a92e81ad3b0d9b272612562b5d5c1d101b8ce45c3193be4ffe38c808affab595a7e84eb704675efd7410b3d4513ade84494cd
Static task: static1
Behavioral task: behavioral1
Sample: scan-0001098.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: scan-0001098.exe
Resource: win10v20210408
Malware Config
Extracted
xloader
2.3
noi6
http://www.offshoresrilanka.com/noi6/
Targets
Target: scan-0001098.exe
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext