General

Target: PO650.exe
Size: 260KB
Sample: 210826-fby335hdce
MD5: 0f9ed47f1ffe3b1cd242b7872f4ce341
SHA1: 37c2b669d727b1aec796644c1f4f884f0ad86944
SHA256: d7abd3634174ad687ef4153f268667361c7177b73871c7dbd296659d918e0d36
SHA512: b739a86c7ba735fe40e7630603519d2383b7615ab5c96780138455496da804e19a3d8b3228afb98403b84cdf9b769b064af899f173dd044bd313b1e32d4a18bf

Static task: static1
Behavioral task: behavioral1
Sample: PO650.exe
Resource: win7v20210410

Malware Config

Extracted
Family: xloader
Version: 2.3
Campaign: c28h
C2: http://www.yourweddingscent.online/c28h/
Targets

Target: PO650.exe
Size: 260KB
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext