General
Target: Commercial Invoice #No 003169479.PDF.z
Size: 341KB
Sample: 210820-jnw6ean3sx
MD5: a1b886be9dfde18a0205732e9746cf59
SHA1: e9edeeccad41922e53e88571dae0b7187760275e
SHA256: e88a53926856229e7e11c2c56468dfe7a2075d2424bd73cd0c1b6944253ef3be
SHA512: 531d10828059dd8571fa6afaeb21d29d09ed8f9af7c5eff6d9b9910eafac242ecc6ac2aa265bd94c6696c986973b1be313f1a97eec775349e2c995c0a22c74f6
Static task: static1
Behavioral task: behavioral1
Sample: Commercial Invoice #No 003169479.exe
Resource: win7v20210408
Malware Config
Extracted
Family: xloader
Version: 2.3
Campaign: mabs
Decoy URL: http://www.heehan.com/mabs/
Decoy domains:
joiderqm.com
hyc306.com
ouchplus.asia
abrosnm3.com
hospitalanti-infectives.com
ala-co.com
morrisonltts.net
tradingimpulse.com
invisibleimagination.com
jdjshop.com
huntedby.com
szsgfdzx.com
germfightersusaiowa.com
pahaadpost.com
obrankers.com
plaeralum.com
getfitwithmeministry.com
smartswaploan.com
gypsyjewelrydesigns.com
meetgoodwill.info
lojadoalfinete.store
santacruzcountytogether.com
exonmobilerewardsplua.com
secretthaichalmette.com
muy-a.com
convertanalysis.com
pepperqueenfarm.com
starlabgroup.design
thejuwongs.com
originesakai.com
contabilidadeemgeral.online
mwal.art
petnaturally.net
wbhomerenovations.com
tugarabato.com
ireapills.com
massagethe615gmail.com
thebarksuperdeals.com
phillyvotefromhome.net
altamar-usa.com
profilesofgrace.com
tpc-365.com
thoughtsintheskyy.com
coloringpagesadults.net
offerionn.com
dyfaanfamily.com
epdcs.com
farag.design
investirenelmondo.com
breakingq.com
laughing-flower.com
la-bel.photography
rhymingspeeches.com
whatisastaxanthin.com
ethicalllykate.com
qiqi-commerce.com
bakalskaing.com
honeywoodsauces.com
opengatefoods.com
armandplatter.com
themetrosupermarket.com
sbsc-program.com
pcreonline.com
discountmetalart.com
Targets
Target: Commercial Invoice #No 003169479.exe
Size: 516KB
MD5: 5166f63544fa637da92b9a0aeb57543b
SHA1: d958787540ed973f6a9ef3b2c2e758aa2c234182
SHA256: faae7d9edda8ceb6fa049bedc894de456dcc86e1931eb896d3e78cb367fcb01d
SHA512: dbc5f8d5b68f38bddbfb4dfb51628f4c979d768d4e514bd754335ebe25bb8342397422671c781c837b5378c6e0030ba160e0e44e3b0078d64a73df9a9ba3c2e7
Score: 10/10
Signatures:
Xloader Payload
Adds policy Run key to start application
Executes dropped EXE
Deletes itself
Suspicious use of SetThreadContext