General
Target: SHIPPING DOCUMENTS.GZ
Size: 389KB
Sample: 210916-pcep4sdce6
MD5: 8deb4d12e37d0d8ad124072f0a30a88b
SHA1: 843fc66125fae97f7c84447510ed28c11cea6dbf
SHA256: 20f5ed77316a7c565abd1b4c486ec3991fd36ef1ee95e2442bd3ad5107107f35
SHA512: daddb69cb8c9feb62ae67bee35717543cc0a4f6ce1914b982645cb745fca322445b496921331031482fa4a899d6048d7d3d9e2200b2e7596ccf6d953712517be
Static task: static1
Behavioral task: behavioral1
Sample: SHIPPING DOCUMENTS.exe
Resource: win7v20210408
Malware Config (extracted)
xloader
2.4
n58i
http://www.nordicbatterybelt.net/n58i/
southerncircumstance.com
mcsasco.com
ifbrick.com
societe-anonyme.net
bantank.xyz
dogecoin.beauty
aboutacoffee.com
babalandlordrealestate.com
tintgta.com
integrity.directory
parwnr.icu
poltishof.online
stayandstyle.com
ickjeame.xyz
currentmotors.ca
pond.fund
petrosterzis.com
deadbydaylightpoints.com
hotel-balzac.paris
focusmaintainance.com
odeonmarket.com
voeran.net
lookailpop.xyz
sashaignatenko.com
royalgreenvillage.com
airbhouse.com
zl-dz.com
fuwuxz.com
wugupihuhepop.xyz
zmdhysm.com
luchin.site
rnchaincvkbip.xyz
fffddfrfqffrtgthhhbhffgfr.com
goabbasoon.info
booyahbucks.com
ilovecoventry.com
components-electronics.com
advindustry.com
browandline.com
hotnspicy.site
marlonj26.com
holidays24.net
starworks.online
mbchaindogbbc.xyz
3wouqg.com
evnfreesx.com
baureihe51.com
hycelassetmanagement.space
photostickomni-trendyfinds.com
singisa4letterword.com
thklw.online
menramen.com
highspeedinternetinc.com
beerenhunger.info
hisensor.world
lassurancevalence.com
clementchanlab.com
customia.xyz
alysvera-centroestetico.com
cx-xiezuo.com
index-mp3.com
mybenefits51.com
vyhozoi.site
lingerista.net
Targets
Target: SHIPPING DOCUMENTS.exe
Size: 457KB
MD5: 50d046de51441ed6d03da1662cecc772
SHA1: b1be2f4383e4fece502efcdf1494c056ce5f7b10
SHA256: 5a3b0b3dfa0c258ad5d6e510d14b3b7ab8b16b49b9024669a4102d55de4e74ae
SHA512: b018d6941e6209a36a6ce07a84a90f96c59bbf4de4bfea126f215160bd10404c1ab88e00939306795c8b99a8a32101cc8cd2e9566a537580b7493e777df9f8cc
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext