General
-
Target
9.exe
-
Size
1.1MB
-
Sample
211008-q5qhraeeb9
-
MD5
fa3bd9cad3793c9cf8bdfac4159cb366
-
SHA1
54edf2049e0e177e6be114ac567b9a7c413a3b61
-
SHA256
ff577215d4aaa29ae63860167282ceeb0a703daadfdaef2155102500c269caa2
-
SHA512
a0ef4f68ffdf7e55a003e4bdf49b450ecdf4e4d92de4555e1fa0e77e5f2d7766b109a727ffde378ef9152a4198325c13af12a9fdf73f79755cc6398eadc42cdd
Static task
static1
Behavioral task
behavioral1
Sample
9.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
9.exe
Resource
win10v20210408
Malware Config
Extracted
xloader
2.5
pvxz
http://www.finetipster.com/pvxz/
imt-token.club
abravewayocen.online
shcloudcar.com
mshoppingworld.online
ncgf08.xyz
stuinfo.xyz
wesavetheplanetofficial.com
tourbox.xyz
believeinyourselftraining.com
jsboyat.com
aaeconomy.info
9etmorea.info
purosepeti7.com
goticketly.com
pinkmemorypt.com
mylifewellnesscentre.com
iridina.online
petrestore.online
neema.xyz
novelfooditalia.com
enterprisedaas.computer
tzkaxh.com
brainfarter.com
youniquegal.com
piiqrio.com
mdaszb.com
boldmale.com
era636.com
castleinsuranceco.com
woodennickelmusicfortwayne.com
customer-servis-kredivo.com
high-clicks.com
greetwithgadgets.com
hfsd1.com
insureagainstearthquakes.net
ultimatejump.rest
parivartanyogeshstore.com
handmanagementblog.com
meishangtianhua.com
michaelscottinsurance.net
kershoes.com
atomiccharmworks.com
conciergecompare.com
zeal-hashima.com
coachianscott.com
hwkm.net
019skz.xyz
jardingenesis.com
sumikkoremon.com
tjpengyun.com
sectionpor.xyz
46t.xyz
sa-pontianak.com
localproperty.team
dotexposed.com
cis136-tgarza.com
eiestilo.com
youknowhowtolive.com
phalcosnusa.com
qaticv93iy.com
hbjngs.com
ocean-nettoyage.com
jenuwinclothes.net
anadoluatvoffroad.com
Targets
-
-
Target
9.exe
-
Size
1.1MB
-
MD5
fa3bd9cad3793c9cf8bdfac4159cb366
-
SHA1
54edf2049e0e177e6be114ac567b9a7c413a3b61
-
SHA256
ff577215d4aaa29ae63860167282ceeb0a703daadfdaef2155102500c269caa2
-
SHA512
a0ef4f68ffdf7e55a003e4bdf49b450ecdf4e4d92de4555e1fa0e77e5f2d7766b109a727ffde378ef9152a4198325c13af12a9fdf73f79755cc6398eadc42cdd
Score10/10-
Xloader Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-