General

Target: Order List from Dunen Enterprise Corporation.rar
Size: 70KB
Sample: 210915-jc9btsaah9
MD5: 524b45e2f92191a0b64330ccdd8bcafe
SHA1: b7626cd950187c696b3be31d164fdd3537c3524a
SHA256: 502289d544b27378272f693a139db58e368f4870be91ff2510a4b1c99635ea22
SHA512: f5fcb48a8fcc746e24404ec0f797b0f6d13a833d4f9223f03d098aa925151eeda17078fef515bdcd65af47ef85ea45261c651feaa4ef5f5ec5d5e067b0bc9942
Static task: static1

Behavioral task: behavioral1
Sample: Order List from Dunen Enterprise Corporation.exe
Resource: win7-en

Behavioral task: behavioral2
Sample: Order List from Dunen Enterprise Corporation.exe
Resource: win10v20210408
Malware Config

Extracted
Family: xloader
Version: 2.3
Campaign ID: hhse
C2 URL: http://www.mx-online-service.xyz/hhse/
Decoy domains (64 listed below, one per line; the sample contacts these alongside the real C2 to mask it, so treat them as low-confidence indicators compared with the C2 host and path):
gujranwala.city
peinture-san-deco.com
disvapes.com
tekst-sanderlei.com
veryfastsnail.com
yaqiong.net
onlinebingocenter.com
kenttreesurgery.com
berislavic.com
ecomemailspack.com
drgustavoteyssier.com
mayfieldslodge.com
qiubaolink.com
kevinkensik.com
boatmanagementexpert.com
dbylkov.com
griffin-designs.com
glowlikethis.com
fuckjules.com
lxqc6688.com
cduyechang.com
jintelcare.com
abdiscountplumbing.com
merrilllynchph.com
yuanxinlv.com
chinapuma.com
covertroyalty.com
grouphall.net
unikpixls.com
rbainlaw.com
bold2x.com
eventosav.com
copywritermeg.com
geeeknozoid.com
physio-schmid.com
bankofsavings.com
xzttzs.com
water-note.com
gutter-rutter.com
wallis-applications.com
aurora-graphics.com
justindoorsoccer.com
drivly.net
allonot.com
splashseltzer.com
sanctuarymarbella.com
fossickandfind.com
sari-2.com
luxedesignsinc.com
cowlickgin.com
anothergeorgia.life
mainstreetmarketlillington.com
vibe-communications.com
nextgenrs.net
kosurvival.com
uvinq.com
crenate-throe.info
weazing.net
mydreamit.world
shortandsweetorganizing.com
24bitpay-trade.com
qianniaofan.com
thepccafe.com
solucionesautomotrices.info
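The extracted config above is only useful to a responder once it is split into a high-confidence C2 indicator and the low-confidence decoy list. The following Python helper is an added example, not part of the sandbox report: it parses a flattened block in the layout shown above (family, version, campaign ID, one C2 URL, then bare decoy domains), checks that the C2 path carries the campaign ID as it does in this report, defangs the indicators for sharing, and classifies hosts seen in proxy logs as C2, decoy, or unrelated. The embedded config is copied from this report but truncated to three decoy domains, the proxy log lines are constructed, and the function and variable names are the example's own.

```python
"""Parse a flattened XLoader config block into structured IOCs and use it to
triage proxy logs. Added example; assumes the block layout used in this
report: family, version, campaign ID, one C2 URL, then decoy domains."""
from __future__ import annotations

import re
from urllib.parse import urlsplit

# Constructed input: the "Extracted" block from this report, with the decoy
# list cut to three of the 64 domains so the example stays short.
SAMPLE_CONFIG = """\
xloader
2.3
hhse
http://www.mx-online-service.xyz/hhse/
gujranwala.city
peinture-san-deco.com
disvapes.com
"""

URL_RE = re.compile(r"^https?://", re.I)
DOMAIN_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z0-9-]+$", re.I)


def parse_xloader_config(text: str) -> dict:
    """Turn the flattened block into a dict; raises on malformed input."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 4:
        raise ValueError("config block too short")
    family, version, campaign = lines[:3]
    rest = lines[3:]
    c2_urls = [ln for ln in rest if URL_RE.match(ln)]
    decoys = [ln for ln in rest if not URL_RE.match(ln)]
    if len(c2_urls) != 1:
        raise ValueError(f"expected exactly one C2 URL, found {len(c2_urls)}")
    bad = [d for d in decoys if not DOMAIN_RE.match(d)]
    if bad:
        raise ValueError(f"not a bare domain: {bad}")
    c2 = urlsplit(c2_urls[0])
    first_segment = c2.path.strip("/").split("/")[0]
    return {
        "family": family,
        "version": version,
        "campaign": campaign,
        "c2_url": c2_urls[0],
        "c2_host": (c2.hostname or "").lower(),
        "c2_path": c2.path,
        # In this report the first path segment equals the campaign ID;
        # a mismatch is worth a manual look before the IOC is trusted.
        "campaign_in_path": first_segment == campaign,
        "decoy_domains": [d.lower() for d in decoys],
    }


def defang(ioc: str) -> str:
    """Render a URL or domain so it cannot be clicked or auto-linked."""
    return (ioc.replace("http://", "hxxp://")
               .replace("https://", "hxxps://")
               .replace(".", "[.]"))


def ioc_list(cfg: dict) -> list[tuple[str, str]]:
    """(confidence, defanged indicator) pairs: the C2 is high confidence,
    decoys are low confidence because they are unrelated sites."""
    out = [("high", defang(cfg["c2_url"])), ("high", defang(cfg["c2_host"]))]
    out += [("low", defang(d)) for d in cfg["decoy_domains"]]
    return out


def classify_request(host: str, cfg: dict) -> str | None:
    """'c2' for the real C2 host, 'decoy' for a decoy domain, else None."""
    host = host.lower()
    if host == cfg["c2_host"]:
        return "c2"
    if host in cfg["decoy_domains"]:
        return "decoy"
    return None


def hunt_hits(log_lines: list[str], cfg: dict) -> list[tuple[str, str, str]]:
    """Scan simplified proxy lines ('<client> <host> <path>') and return
    (client, host, verdict) for every line touching a config indicator."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not match the assumed layout
        client, host, _path = parts
        verdict = classify_request(host, cfg)
        if verdict:
            hits.append((client, host, verdict))
    return hits


# Constructed proxy log lines; not taken from the report.
SAMPLE_LOG = [
    "10.0.0.5 www.mx-online-service.xyz /hhse/",
    "10.0.0.5 disvapes.com /hhse/",
    "10.0.0.7 example.com /index.html",
]

if __name__ == "__main__":
    cfg = parse_xloader_config(SAMPLE_CONFIG)
    for confidence, ioc in ioc_list(cfg):
        print(f"{confidence:<5} {ioc}")
    for hit in hunt_hits(SAMPLE_LOG, cfg):
        print(hit)
```

A host that appears only in the decoy list should raise the priority of the endpoint rather than trigger a block on its own: the same client also reaching the C2 host (the first two constructed log lines above) is the pattern that confirms an infection.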
Targets

Target: Order List from Dunen Enterprise Corporation.exe
Size: 128KB
MD5: 744d832006910318b2826e4cc8db4b11
SHA1: b58f485d5153dc4cb1a608091e1174d6fc966a4a
SHA256: e015835dd69bbd384cb9b347984b648562281ba9e532ca110b6962bce9262251
SHA512: 2ef7a81389e03fe8cdaa42e39e9df842d811b87b97d50e915e01d8fa35e3eaa49f7aaa03aa5a534e3413a636d3bf011ff9774a4b5b2553fbecef24aa8425deb4
Signatures

Xloader Payload

Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.

Deletes itself
Removes its own executable from disk after running, hindering later collection of the sample.

Suspicious use of NtSetInformationThreadHideFromDebugger
Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the thread from reporting debug events to an attached debugger (anti-debugging).

Suspicious use of SetThreadContext
Rewrites another thread's register context, a step commonly used in process injection and hollowing to redirect execution into injected code.