General
Target: arrival notice.r15
Size: 513KB
Sample: 210915-2n6n7abch4
MD5: a71f23c02f9ab33761f7ca580f3e419b
SHA1: 35abf83a07f4cffca08f243bf69abe19aac7931b
SHA256: f2da2c72103614d33f47da7a0403c55e3c6a493a66957e5388730ea945b8c430
SHA512: f399eb4d0b26c6e6df886b1b2cbc854426c42bf63389fdc00aa74d2dbb0ca9de365d6cc8cae57b1dc9ff9c9f04470bd07702d7e1c279e7623ded3b956fcbddae
Static task: static1
Behavioral task: behavioral1
Sample: arrival notice.exe
Resource: win7v20210408
Malware Config
Extracted
xloader
2.4
n58i
http://www.nordicbatterybelt.net/n58i/
Targets
Target: arrival notice.exe
Size: 661KB
MD5: 692c22c9579ce47100a87e90f911b202
SHA1: 29189325967d4716883edabb4c03a5a30d836896
SHA256: 3f383c683795d277510e0fb4c806ae17bfb33dd6ff875b66c159068e58c28818
SHA512: 98c6759ef92a350f570dd74b2c53d0307d1c8cf0f4b875ba5d2bb13f11e4bd39ef329b2131f45a18f7d48fdd24c2ab3c65370d71efe9f6975d4b3a4428419887
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext