General
Target: shipping docs 9100.zip
Size: 418KB
Sample: 210928-m6c29sbff2
MD5: 05a9c8d25ef7a95f63f51e7aa64c42e2
SHA1: 1d1e947fdf93d953ed29ade020f38212f48b233f
SHA256: 510ee124baffe454ca3bdae1af80044b7bd469ceed767cb6108df0f2a8494209
SHA512: 68443859764ac971308c45b6ed141760c2e11351977a4c5b13b53d6411d4405ebab56ba4086e1eb0d236fc12036d9aaae84a9522fd799b2a431cba611f06d442
Static task: static1
Behavioral task: behavioral1
Sample: money.exe
Resource: win7v20210408
Malware Config
Extracted
xloader
2.5
jdt0
http://www.jen4x.com/jdt0/
william188.com
kmknim.com
freedomnofear.com
industrialohare.com
devopswave.com
g1fz.com
aliceguidi.info
linkared.com
crossboda.com
lpddr3.com
ktnword.xyz
productsdesign.top
dulichnhatviet.com
piazzaassociates.com
inpude.com
kmi.contractors
getkyrobak.com
sportinggoodssuperstore.com
trifoly.info
aspectjudge.com
yangmoo.com
shiftmedicalstaffing.agency
umofan.com
investmentqualityjewels.com
hoteldelpaseocampeche.com
ezhandianfu888.com
liveincare-online.com
riverflowmassage.com
heldyn.com
escueladecampo.com
telecombazaar.com
oshitoishi.net
microexpertise.com
successportal.net
nepll.com
jdqmg.com
aedificeproperty.com
element-light.com
karenellissolutions.com
embutidosdigitales.com
goddistorted.com
wanimi.online
online-ec.biz
staysg.club
roytoys.xyz
loadcenter-dropbox.biz
appcast-70.com
espraycash.com
busizy.com
intellibotz.com
gg-loader.com
rocketdealfinder.com
hosting-premium-online.com
lookyanychev-gallery.store
norllix.com
itooze.com
cbuqn.com
life-lover.com
kelloscosplay.com
memory-information.club
grand-polyana.com
sanieart.com
pavlonmedia.net
edgar-regale.com
Targets
Target: money.exe
Size: 587KB
MD5: a5c5be37f0dd714ee9a45a05d602f292
SHA1: 29b118c934e74613d6704ccfed26ccc053065317
SHA256: 5e27b2f6ec7f0387f6c380ac26eb924fcc732601c43ed7c400c42ae82fb0de57
SHA512: fdd33b939445c0203ce720b52f704dde1d0a2af5e36093ef1fe14c5f66e7082af5f0745997820a9eaa7f8e11727d1e817e282d9b6d1b236c990fd82853cc4c45
Xloader Payload
Suspicious use of SetThreadContext