General
Target: 1ZA109T4043832978.exe
Size: 870KB
Sample: 210929-tkmsxafce2
MD5: b9c97800cf3e146a5ab333672363db14
SHA1: 545da9f150fcdf0994b87d09b26963c3a2788665
SHA256: 5f849b2eff2280adf1041388bbad6fc2e4f047c36b6d942ecd4e07946352049c
SHA512: 65f5ed4a6ebfb6125faa6f347070d391c5ec883f84603777605da2790cb8bf90c372e8d1bb86447479e2ddb3d63ea6b4fb089667a0fdb7ed6587b2416c7a7fb5
Static task: static1
Behavioral task: behavioral1
Sample: 1ZA109T4043832978.exe
Resource: win7v20210408
Malware Config
Extracted family: xloader
Version: 2.5
Campaign ID: tr7h
C2 URL: http://www.globalinterchangellc.com/tr7h/
Targets
Target: 1ZA109T4043832978.exe (size and hashes as listed under General above)
Signatures:
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext