General
-
Target
Notificação_de_transferência_efetuada-Santander.exe
-
Size
660KB
-
Sample
211011-ner8jshadl
-
MD5
efb464ece5f5aa332a60d241aa93a74f
-
SHA1
1b07ef42b7d91b71600f7512e6eb7248510b2330
-
SHA256
7384a61fc69ce24610f7c4658c2ef8786c4cdc5d6ad6b33d1a9f506d6b6388d3
-
SHA512
86c4b630151a648ed004e543996eba2d9a54dfb14de71b1f38f2e4fe4881c4e2a8b7e2c7f6c52876d8f3eb4406b0c12c349861e024de40568306b3505bd3ef82
Static task
static1
Behavioral task
behavioral1
Sample
Notificação_de_transferência_efetuada-Santander.exe
Resource
win7v20210408
Malware Config
Extracted
xloader
2.5
ons6
http://www.parasitevhs.net/ons6/
946acc.net
ilkermulla.com
edificationhub.com
aptbaby.com
luisrgonzalez.com
postandpine.com
objective-object.com
storeydrive.rentals
mobile-find.com
africanbridaluk.com
zzjn12.xyz
ritechoiceinvestmentgroup.com
zitzies.xyz
trulyproofreading.com
ktndetermine.xyz
advertising.land
keywordgomuwk.xyz
niecliomusicspirit.com
lhortelecom.com
cryptochieftan.com
fumctulsa.com
librariumclub.com
tinturas-espagiricas.com
regencyimperial.com
worldremirt.com
nikurei.com
edukado.online
med2cloud.com
sasktwl.net
ancditalia.com
nagukoohatomo.xyz
febfit.com
brasbux.com
bilinili236.xyz
girlxyz.com
trm.computer
studiomuis.com
pinnap.online
ra-hanbaiten-lulusia.xyz
desso.one
devilsheartdesign.com
gestproducts.com
mount-motion.com
miltonjorge.net
xiaomiyp6.com
rurikon2.com
wwwmwrfinancial.com
mikexktolsd.com
businessim.net
algoescrow.com
bitterbaybay.com
acidulante.com
yourchancemarketing.com
accidental-blogger.com
breastcancerforumbd.com
viellacharteredland.com
wkefaromaticum.com
guardianenergy.group
gamblersprintcars.com
midiff.com
firstbymel.com
fdwqw.xyz
ngatihaukoporeihana.com
pictureballthose.top
Targets
-
-
Target
Notificação_de_transferência_efetuada-Santander.exe
-
Size
660KB
-
MD5
efb464ece5f5aa332a60d241aa93a74f
-
SHA1
1b07ef42b7d91b71600f7512e6eb7248510b2330
-
SHA256
7384a61fc69ce24610f7c4658c2ef8786c4cdc5d6ad6b33d1a9f506d6b6388d3
-
SHA512
86c4b630151a648ed004e543996eba2d9a54dfb14de71b1f38f2e4fe4881c4e2a8b7e2c7f6c52876d8f3eb4406b0c12c349861e024de40568306b3505bd3ef82
-
Xloader Payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-