General
Target: Payment Ref EFT#00007863.zip
Size: 384KB
Sample: 210916-nwtspsdca7
MD5: 0dff9e9cda6a4b6fb1ac5767c8500b7c
SHA1: effeffd716258a36dd574f1271fce08e950b8511
SHA256: d4c1a546f7e87b1a6506bb846a2b1c96307afd8a8a184b6941a42ea9e53a4718
SHA512: a648b0ccc4c02ca7f0cf1b5cd4328e818d9a1ce620aaf4789553d33b4e3150f2b3353a2c412872f8b2a8af7bc444649975bca067990b00f637b13a0ca14870d2
Static task: static1
Behavioral task: behavioral1
Sample: nAIj8iSBKtENT6y.exe
Resource: win7-en
Malware Config
Extracted
Family: xloader
Version: 2.4
Campaign: t75f
C2: http://www.438451.com/t75f/
Decoy domains (64). Xloader beacons to these alongside the real C2 as cover traffic; the campaign ID t75f reappears as the C2 URL path. Treat only the C2 host as attacker infrastructure and the decoys as watch-only indicators, since many of them are unrelated live sites:
ice-lemon.pro
ar3spro.cloud
9055837.com
fucksociety.net
prettyofficialx.com
mfxw.xyz
relationshipquiz.info
customia.xyz
juanayjuan.com
zidiankj.com
facture-booking.com
secondmining.store
aboutyou.club
gongxichen.com
laurabraincreative.com
pierrot-bros.com
saintpaulaccountingservices.com
dom-maya.com
garderobamarzen.net
la-salamandre-assurances.com
pearmanprep.com
telfarcontrol.com
productsshareco.com
cirf2021.online
purchasevip.com
cakewalkvision.com
pointrenewables.com
groups4n.com
swnegce.xyz
tjapro.com
packagedesign.biz
services-govgr.cloud
shopgrassfedbeef.com
tquilaint.com
templetreemontessori.com
munortiete.com
nothingbutspotlesss.com
fanpaixiu.xyz
fr-site-amazon.com
salartfinance.com
beachers-shop.com
friskvardaportalen.online
pinsanova.site
lemonvinyl.online
indianadogeavaxsite.site
styphon.com
open24review-service.com
bdjh9.xyz
cocodiesel.com
fortmyersfl.deals
dsdtourism.com
phone-il.net
learningfactoryus.com
incentreward.xyz
travellerfund.com
changcheng.pro
cryptowalletts.com
tradopplst.xyz
autonomoustechnologyinc.com
assessmentdna.xyz
denicon-th.com
dib5so.com
genwealthbuilders.store
delnetitcilo.net
Targets
Target: nAIj8iSBKtENT6y.exe (executable extracted from the ZIP)
Size: 411KB
MD5: 799febf0e89864960c7f98b546cea32c
SHA1: 2a16ca50e68593db49450672e54ec8a977239a02
SHA256: 39c5b29df15e13a18cbc4b77a44208aa927af8851555a4d220d8af0be7aeb235
SHA512: f6f89a2c4c36b4ca961934cb55eec8dbedf15d1a05d77387d9259ddc436766b248865e83e70341c1403dff325185e0a0f4cf51021e682adef19080a7cad6129a
Signatures:
Xloader Payload
Suspicious use of SetThreadContext (SetThreadContext on a suspended thread is the step that redirects execution into injected code in process hollowing; together with the payload match it indicates the unpacked Xloader runs inside another process rather than in place, so memory scans should target the injected process, not just this file)
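The config block and the file hashes above are listed as bare values. The following added example, written for this page and not part of the sandbox report or of any Xloader tooling, parses such a flattened Xloader config into labelled fields, checks that the hash strings are well-formed, confirms the campaign ID matches the C2 URL path, and separates the one real C2 from the decoy domains. The field order (family, version, campaign, C2, decoys) is an assumption about the unlabelled lines; the embedded input is copied from this report with the decoy list shortened to five entries.

```python
"""Parse a flattened Xloader sandbox config into structured IOCs.

Added example for this report; not sandbox or malware-family code. The field
order assumed for the config block is: family, version, campaign ID, real C2
URL, then one decoy domain per line.
"""
import re
from urllib.parse import urlparse

# Constructed input: the unlabelled "Malware Config" values from this report,
# in the order they appear. The decoy list is cut to five entries to keep the
# example short; the full report lists 64.
CONFIG_BLOCK = """\
xloader
2.4
t75f
http://www.438451.com/t75f/
ice-lemon.pro
ar3spro.cloud
9055837.com
fucksociety.net
prettyofficialx.com
"""

# Hashes of the extracted executable, copied from the Targets section.
SAMPLE_HASHES = {
    "md5": "799febf0e89864960c7f98b546cea32c",
    "sha1": "2a16ca50e68593db49450672e54ec8a977239a02",
    "sha256": "39c5b29df15e13a18cbc4b77a44208aa927af8851555a4d220d8af0be7aeb235",
    "sha512": "f6f89a2c4c36b4ca961934cb55eec8dbedf15d1a05d77387d9259ddc436766b248865e83e70341c1403dff325185e0a0f4cf51021e682adef19080a7cad6129a",
}

HEX_DIGITS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)[a-z0-9-]+(\.[a-z0-9-]+)+$", re.I)


def parse_xloader_config(block: str) -> dict:
    """Label the flattened config lines and validate the C2 URL and decoys."""
    lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
    if len(lines) < 4:
        raise ValueError("config block too short: need family, version, campaign, C2")
    family, version, campaign, c2 = lines[:4]
    parsed = urlparse(c2)
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        raise ValueError(f"C2 is not a URL: {c2!r}")
    decoys = lines[4:]
    bad = [d for d in decoys if not DOMAIN_RE.match(d)]
    if bad:
        raise ValueError(f"non-domain entries in decoy list: {bad}")
    return {
        "family": family,
        "version": version,
        "campaign": campaign,
        "c2": c2,
        "c2_host": parsed.hostname,
        "decoys": decoys,
    }


def campaign_in_c2_path(cfg: dict) -> bool:
    """Xloader carries the campaign ID as a C2 URL path segment (here /t75f/).
    A mismatch usually means the extractor mis-split the fields."""
    segments = [s for s in urlparse(cfg["c2"]).path.split("/") if s]
    return cfg["campaign"] in segments


def check_hashes(hashes: dict) -> list:
    """Return one problem string per hash that has the wrong length or non-hex digits."""
    problems = []
    for algo, value in hashes.items():
        want = HEX_DIGITS.get(algo)
        if want is None:
            problems.append(f"{algo}: unknown algorithm")
        elif len(value) != want or not re.fullmatch(r"[0-9a-f]+", value.lower()):
            problems.append(f"{algo}: expected {want} hex digits, got {value!r}")
    return problems


def network_indicators(cfg: dict) -> dict:
    """Split hosts into the C2 to block and the decoys to watch only; decoys are
    often unrelated live sites and must not be reported as attacker infrastructure."""
    return {"block": [cfg["c2_host"]], "watch_only": sorted(set(cfg["decoys"]))}


if __name__ == "__main__":
    cfg = parse_xloader_config(CONFIG_BLOCK)
    print(cfg["family"], cfg["version"], cfg["campaign"], cfg["c2_host"])
    print("campaign matches C2 path:", campaign_in_c2_path(cfg))
    print("hash problems:", check_hashes(SAMPLE_HASHES) or "none")
    print(network_indicators(cfg))
```

Feeding the full 64-entry decoy list through `parse_xloader_config` gives the same structure; only the `watch_only` set grows. The `check_hashes` step is there because hashes copied out of reports are a common source of truncated or wrapped values that then silently fail to match in a SIEM.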