General
Target: Invoice && Packing.r15
Size: 546KB
Sample: 210915-t7tvqsbab9
MD5: b333cf0e3ac2dbc45aec380e5bd50719
SHA1: 28cb53895e180a86b969d0ee084194cdf9a294ad
SHA256: 1aa5d2b240599fdc78430c4aeba03305fccad15b7ca038dbf056d8dd67865892
SHA512: 0929966ee321bb7cbdb81214e5493ebcadf6403a9d82f1499a12df2aeb52dab9b7483aa88d29d618cccbc99105aa48299080237204d75609e4268255cd72ed45
Static task: static1
Behavioral task: behavioral1
Sample: TPJX2QwEdXs5sTV.exe
Resource: win7-en
Malware Config
Extracted
xloader
2.4
t75f
http://www.438451.com/t75f/
Targets
Target: TPJX2QwEdXs5sTV.exe
Size: 655KB
MD5: ce556ce97ea23cbc2940f2aad45d468f
SHA1: cc2bdaefa2f0ac108e2f456e42a42e8258580cf4
SHA256: 7c3d5ebd2c417a52b2a0b98dee95b5a7f283816f6a2453ceeffd31becc140882
SHA512: 82d4d71aeb5118d600394c64eb127ca4a87d7b83702feb4f9c5b0a0d98a597f812ebfd16784cbde54b9f4b1c87d3c7eaf57fb1c86b9720df95419887fc13f77b
- Xloader Payload
- Adds policy Run key to start application
- Executes dropped EXE
- Suspicious use of SetThreadContext