General
Target: Lista de ordenes de compra.zip
Size: 432KB
Sample: 211001-xws1vadae3
MD5: a4959d9307b6a97028f6b1a3e1465979
SHA1: 864685bf0691108bf7c2889bb095ebd59acce27e
SHA256: 220dc663c17238697d89921dd9aca193b52bf21c0e0bf0f9721292de91f5a053
SHA512: 06adae543f0608b3c9d1e53cdb9e57cba52db0f1168da39e1c7447a320c995cb59b1916dc4b543c5a5c0f3b4c5cec11355a8e61c97eb7c0f7773ac2e079f4f75
Static task: static1
Behavioral task: behavioral1
Sample: Lista de ordenes de compra.exe
Resource: win7-en-20210920
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign ID: pvxz
C2 URL: http://www.finetipster.com/pvxz/
Targets
Target: Lista de ordenes de compra.exe
Size: 884KB
MD5: be586dde04b842854d2ff3a12488306c
SHA1: 6e347940762a46884f97a22efbea203cd231325f
SHA256: f79690a1d55d2a07ff407ca6a7e74dfc8097d9c63d6fa59adc2e03c73d39290b
SHA512: 30d36c0b8a0c938a25a75553269183c7d44376b5f7e62cd8a2fc04b1a3c327b8b664a7e5781f05e0e3442dd1a2f5b4254507b6b61ff0396db72e1f0690b526b5
Signatures
Xloader Payload
Suspicious use of SetThreadContext