General
Target: VdBEgR6Ku0AvO5q.rar
Size: 387KB
Sample: 210917-wp7d8agag9
MD5: 56daa8132cde748500199df11cb0beb7
SHA1: 5f73674e144dcab12fb6bb142e429c85ec2dd7fc
SHA256: e180128a4a262d2762547e6f4cc1044a9a2d56b739e15a4b1994e8c531d37e8f
SHA512: 06c825f97ba7e4c3a87964c5a34177888635f363ed03b8abb3dc4ab745381dfce9529036bffe51c321267f3e9be16328c16a5860002c1f285e53a948eda7f03e
Static task: static1
Behavioral task: behavioral1
Sample: VdBEgR6Ku0AvO5q.exe
Resource: win7-en-20210916
Malware Config
Extracted
Family: xloader
Version: 2.3
Campaign: a0ce
C2: http://www.car-surgeons.com/a0ce/
Targets
Target: VdBEgR6Ku0AvO5q.exe
Size: 466KB
MD5: e4d86282f355372a50cce689adeb0f44
SHA1: 03686ba548a698a2cbaba4574cfa14dd3bc08dc9
SHA256: 2d3e5844b0aa36f4f7f1b4612f203212f652ed596f7d91797e73521d2a1b10c9
SHA512: 221064a89019a25b6134f0322ca447124854f5c6ec9aede81bf8ffc8d60814eea830804f9117e78118c54fd5a18df43ac45b2eaff7b48d325ec2bb264702ed7d

Xloader Payload
Deletes itself
Suspicious use of SetThreadContext