General
-
Target
Order List from Dunen Enterprise Corporation.rar
-
Size
70KB
-
Sample
210915-g8cavshhh6
-
MD5
524b45e2f92191a0b64330ccdd8bcafe
-
SHA1
b7626cd950187c696b3be31d164fdd3537c3524a
-
SHA256
502289d544b27378272f693a139db58e368f4870be91ff2510a4b1c99635ea22
-
SHA512
f5fcb48a8fcc746e24404ec0f797b0f6d13a833d4f9223f03d098aa925151eeda17078fef515bdcd65af47ef85ea45261c651feaa4ef5f5ec5d5e067b0bc9942
Malware Config
Extracted
xloader
2.3
hhse
http://www.mx-online-service.xyz/hhse/
gujranwala.city
peinture-san-deco.com
disvapes.com
tekst-sanderlei.com
veryfastsnail.com
yaqiong.net
onlinebingocenter.com
kenttreesurgery.com
berislavic.com
ecomemailspack.com
drgustavoteyssier.com
mayfieldslodge.com
qiubaolink.com
kevinkensik.com
boatmanagementexpert.com
dbylkov.com
griffin-designs.com
glowlikethis.com
fuckjules.com
lxqc6688.com
Targets
-
-
Target
Order List from Dunen Enterprise Corporation.exe
-
Size
128KB
-
MD5
744d832006910318b2826e4cc8db4b11
-
SHA1
b58f485d5153dc4cb1a608091e1174d6fc966a4a
-
SHA256
e015835dd69bbd384cb9b347984b648562281ba9e532ca110b6962bce9262251
-
SHA512
2ef7a81389e03fe8cdaa42e39e9df842d811b87b97d50e915e01d8fa35e3eaa49f7aaa03aa5a534e3413a636d3bf011ff9774a4b5b2553fbecef24aa8425deb4
Score10/10-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader Payload
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-