General
Target: Booking and Shipping Reference Details.ace
Size: 470KB
Sample: 210829-fl6mnwq5gn
MD5: fd26df97bb1f3861511ca0407bfa255a
SHA1: f56038299f463b0ec25702181395381a67f8329b
SHA256: b77823f69e443a341655444b0f2f2f985fa078cb768470d8d20548cf7a441584
SHA512: fb539f40aa7b14477396e4682f3a96eef71f08611ed2a39609a4138c908db8f312aadf24be848c0606a4188ee493577df02a127a9e57090e68f5e3108ce3a8c4
Static task: static1
Behavioral task: behavioral1
Sample: Booking and Shipping Reference Details.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: Booking and Shipping Reference Details.exe
Resource: win10v20210408
Malware Config
Extracted: xloader
Version: 2.3
Campaign ID: u86g
C2 URL: http://www.99356a.com/u86g/
Targets
Target: Booking and Shipping Reference Details.exe
Size: 764KB
MD5: 261e1d3d96af2d57fabdf9295a6ad987
SHA1: 4be2f141e6862bbf8a79bac4900a211008ac6e68
SHA256: 468169b4fe61a81e910c9b820d46694ad3e089e7d276831e690f86012db80195
SHA512: 0307ea1169f2193c513af63aadb10fa3a3f0c9bae5767997e940085572150e0db8480cbf4a72dc8795e78570250f0342eec768d8eb63c731519f3091ddec9a05
- Xloader Payload
- Adds policy Run key to start application
- Executes dropped EXE
- Deletes itself
- Suspicious use of SetThreadContext