General

Target: BERN210819.iso
Size: 676KB
Sample: 210924-jeg1csgce7
MD5: bf0fa800da0b41c08785cacccff2b706
SHA1: 1262a781fe1fcac8ce1c703ca08ce911fafa92ec
SHA256: 1ea2c02f87744c96ef37390bbc851ddffde8cf691356a07810e590056acf7556
SHA512: 9a098890c4c9176934df38ccba02c345b0d110d44f78956f279921be5bccd6e4d31b314c70ee2bc5ab6fad8574d187e89846df78b5d0bf593a2dbdc0b183f71c
Static task: static1
Behavioral task: behavioral1
Sample: BERN210819.exe
Resource: win7-en-20210920

Malware Config

Extracted family: xloader
Version: 2.5
Campaign: dhua
C2: http://www.segurosramosroman.com/dhua/
Targets

Target: BERN210819.exe
Size: 614KB
MD5: 5bc6fa2221eed7444ea7d51dea3d1b4e
SHA1: e7509c6facf6b09971739123aeacd555d9fb64b5
SHA256: 8d20c36d499a614206967f9ffe68885a78aa2e7c718512a31b185bbaa529a4f6
SHA512: b5d9efc7070a38d6d4dcbc015a931c6a5bc45356879abe118bf55b4f366533ca47fd94527c4e2ceb225ad3d2e34f0e7c4f7d59e1d0d4f18483dfcb9abab406d4

Signatures:
- Xloader Payload
- Adds policy Run key to start application
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext