General

Target: PO7420.exe
Size: 670KB
Sample: 210915-gs9leshhf9
MD5: 02e6d76727a49338165563bfccb66182
SHA1: f1302c87caad5869fdf9c151c0a506cda1b3d5a3
SHA256: 98a9431a38a821366e3bf9cc3bbb9a9b44f5820632ac85c5a9f2349e65a507a0
SHA512: 605d13c0b75c8cd94ceff9cc3d7cfa317b5b360df62c6a0f93a838558081665b0ef3d7bca5857cf1cf41a5e5f7db745d74d3fe9a6d9b4900da110efbb6749b0e
Static task: static1

Behavioral task: behavioral1
Sample: PO7420.exe
Resource: win7v20210408
Malware Config

Extracted
Family: xloader
Version: 2.3
Campaign ID: c28h
C2 URL: http://www.yourweddingscent.online/c28h/
Decoy domains (Xloader/Formbook beacons to these alongside the real C2 to disguise it; many are unrelated legitimate sites, so treat them as hunting leads, not an unconditional blocklist):
xn--osegredodameditao-nqb9e.com
blakepleasant.com
midnightindulgence.com
lungx.com
goldenretrieversmn.com
thecapshooter.com
luxuryledlighting.com
coachlind.com
jewelryart-byirene.com
legacyvending.net
staffjet.info
geogest.com
okmulgeedream.center
mexicoifbbproleague.net
tomrings.com
kidsomia.com
learnwithalinguist.com
getboardsuited.com
aiyuc.com
wowmanship.com
zcw58736.com
brava94fm.com
mayuraindia.com
sportclever.com
elcars.info
citestpridom20200814092033.net
fleurtigresse.com
zfcai1688.com
glucosecur.com
hyrrp.com
naplesfloridalifestylehomes.com
elegantsuperfoods.com
manoircarlhanjess.com
ezprone.com
spirituallystrong.net
4acostleyst.com
connectedvpn.com
themetathought.com
cartscroll.com
toiletoshop.com
pop-down.space
winatlife-blog.com
progressglobe.com
shopcamera.net
jordanshoeweb.com
theuneducationofamerica.com
bubelu.net
foreignpal.com
courtdistribute.com
librettostay.com
7arfok.com
joannetaylorpr.com
realinvest-egy.com
cerachip.com
welcometoeverywhere.com
rifepackaging.com
alphameresa.com
gylvs.com
izmoo2-hoeiprotein-review.com
airpodanchor.com
conhecimentovivo.technology
cherrisesimon.com
mileybarcus.com
tubekhan.com
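The decoy list above is what an analyst would feed into DNS and proxy hunting. The following is an added example, not part of the sandbox report and not Xloader's own code: it takes the C2 URL and a subset of the decoy domains from the config, matches DNS query log lines against them label by label (so a look-alike such as notblakepleasant.com does not match blakepleasant.com, while mail.blakepleasant.com does), defangs indicators for a ticket, and decodes the punycode decoy for review. The log line format and the hostnames WS01 and WS07 are constructed for the example.

```python
"""Match DNS query logs against the domain list extracted from this Xloader sample.

Added example (not part of the sandbox report). The log format is a constructed
one-line-per-query layout; adapt LOG_RE to your resolver's logs.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# C2 URL and a subset of the decoy domains copied from the extracted config.
XLOADER_C2_URL = "http://www.yourweddingscent.online/c28h/"
XLOADER_DOMAINS = [
    "xn--osegredodameditao-nqb9e.com",
    "blakepleasant.com",
    "midnightindulgence.com",
    "lungx.com",
    "goldenretrieversmn.com",
    "thecapshooter.com",
    "luxuryledlighting.com",
    "coachlind.com",
    "staffjet.info",
    "okmulgeedream.center",
]  # paste the remaining decoy domains from the config for the full list

# Constructed DNS query log (not real telemetry): one query per line.
SAMPLE_DNS_LOG = """\
2021-09-15T10:02:11Z host=WS01 qname=www.yourweddingscent.online qtype=A
2021-09-15T10:02:12Z host=WS01 qname=login.microsoftonline.com qtype=A
2021-09-15T10:02:40Z host=WS01 qname=mail.BLAKEPLEASANT.com. qtype=A
2021-09-15T10:03:05Z host=WS07 qname=notblakepleasant.com qtype=A
2021-09-15T10:03:09Z host=WS01 qname=staffjet.info qtype=A
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+qname=(?P<qname>\S+)\s+qtype=(?P<qtype>\S+)"
)


@dataclass(frozen=True)
class Hit:
    ts: str
    host: str
    qname: str
    ioc: str


def normalize(name: str) -> str:
    """Lower-case and strip the trailing dot that DNS loggers often keep."""
    return name.rstrip(".").lower()


def build_ioc_set(domains: list[str], c2_url: str) -> frozenset[str]:
    """Combine the C2 host taken from the URL with the decoy domains."""
    hosts = {normalize(d) for d in domains}
    hosts.add(normalize(urlsplit(c2_url).hostname or ""))
    hosts.discard("")
    return frozenset(hosts)


def matches_ioc(qname: str, iocs: frozenset[str]) -> str | None:
    """Return the IOC a query name matches, or None.

    Candidates are built from whole labels, walking from the full name up to
    the two-label suffix, so substrings of a label never match.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def scan_dns_log(log_text: str, iocs: frozenset[str]) -> list[Hit]:
    """Parse each log line and collect the queries that touch an IOC."""
    hits: list[Hit] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable record: skip it rather than abort the scan
        ioc = matches_ioc(m["qname"], iocs)
        if ioc:
            hits.append(Hit(m["ts"], m["host"], normalize(m["qname"]), ioc))
    return hits


def defang(indicator: str) -> str:
    """Make a URL or domain safe to paste into a ticket or report."""
    return (indicator.replace("http://", "hxxp://")
                     .replace("https://", "hxxps://")
                     .replace(".", "[.]"))


def to_unicode(domain: str) -> str:
    """Render punycode (xn--) labels in Unicode; fall back to the raw form."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain


IOC_SET = build_ioc_set(XLOADER_DOMAINS, XLOADER_C2_URL)

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG, IOC_SET):
        print(f"{hit.ts} {hit.host} queried {defang(hit.qname)} (IOC {defang(hit.ioc)})")
    print("C2:", defang(XLOADER_C2_URL))
    print("IDN decoy:", to_unicode("xn--osegredodameditao-nqb9e.com"))
```

Label-wise suffix matching is the important design choice: a plain substring check would flag notblakepleasant.com and miss nothing, but it would also fire on every domain that happens to contain "lungx", and a bare TLD is deliberately never a candidate.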
Targets

Target: PO7420.exe
Size: 670KB
MD5: 02e6d76727a49338165563bfccb66182
SHA1: f1302c87caad5869fdf9c151c0a506cda1b3d5a3
SHA256: 98a9431a38a821366e3bf9cc3bbb9a9b44f5820632ac85c5a9f2349e65a507a0
SHA512: 605d13c0b75c8cd94ceff9cc3d7cfa317b5b360df62c6a0f93a838558081665b0ef3d7bca5857cf1cf41a5e5f7db745d74d3fe9a6d9b4900da110efbb6749b0e
Signatures

Xloader Payload
Deletes itself (the dropper removes its own file after the payload is running, so collect the original PO7420.exe from mail or download telemetry, not from the infected host)
Suspicious use of SetThreadContext (the API that redirects a suspended thread to injected code; together with a self-deleting dropper it is the usual sign of process hollowing, so look for a legitimate-looking process whose image on disk does not match its memory)