General
-
Target
934615bde495d4cbbfd0178c6eea46804cb19a447db1a8781bb43c5986012cbb
-
Size
339KB
-
Sample
211006-mbw7nabcaq
-
MD5
5ecdf9607af624d3ec1ed2bc9f0e9146
-
SHA1
d68079d495932ef242efc76e96fe6d75a1ab8dc0
-
SHA256
934615bde495d4cbbfd0178c6eea46804cb19a447db1a8781bb43c5986012cbb
-
SHA512
b7fe77eb6f6fbd620a5a7d187d1355fb43ece505d46846703ea71e84205fb6511867756552202a5b95163cc651a5ab9a14cb1b0c13e50260a5c57993df39835c
Static task
static1
Malware Config
Extracted
xloader
2.5
p08r
http://www.puremicrodosing.com/p08r/
Targets
-
-
Target
934615bde495d4cbbfd0178c6eea46804cb19a447db1a8781bb43c5986012cbb
-
Modifies system executable filetype association
-
Neshta
Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.
-
Xloader Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-