General

Target: 111.vir
Size: 163KB
Sample: 211014-g9ykgsgcg9
MD5: a9d2cf93c33422a04bc4cf09b7ec874a
SHA1: 60b5b6ff503aba04a3bf9db5e2abd9d2f867e874
SHA256: 89886686c26da7dc2ea3d1ea47da68f4f33c3e399d32b3b4abd115eb0c017bd9
SHA512: a272167c5b3678fa720c2e1e88298b4b7e2411f72d189b21887a378ee0ab794d3c28ed8b966e1280ae30785d7042b8c7c978d6f6fd1d9032d8ab208ec6ac6e11
Behavioral task

behavioral1
Sample: 111.vir.exe
Resource: win7v20210408
Malware Config

Extracted
Family: xloader
Version: 2.5
Campaign ID: g9vg
C2: http://www.supra413.com/g9vg/
Decoy domains: the xloader config carries this list alongside the real C2. The entries are typically unrelated, legitimate third-party sites, so treat the C2 above as the actionable network indicator and do not block the domains below on the strength of this list alone.
selenebrennan.com
htsfrance.com
monsieurtechno.com
argosy.city
lit-clouds.com
emilio-m.com
crashycraft.net
washmebro.com
1houroflife.com
millershaga.com
newtonpod.com
camopants.net
animator-show.com
qqzome.com
assetacre.com
letsmakeyourchoice.com
gileadpreferences.com
ecomarklifestyle.com
mivaautomotive.com
rattle100.com
askfortesting.com
majorelectricalwork.com
blockbotprofit.com
lanceseuexpert.online
zatventure.com
fitnessbykc.com
renatafaceandbodyskincare.com
opusmime.com
biyimeilou.com
soulhospitalitygroup.net
peaktradecapital.com
augmentedfact.com
petmall.website
rfmanutencoes.com
mgav40.xyz
konzertmanagement.com
thisisweenz.com
xn--42cg2czax6ptae6a.com
scienceworldapub.com
perfumeriavictory.com
ankarasinirsizescortlar.xyz
keenflat.com
fodfus.com
bright-tailor.com
spaciolb.com
pinkpolishseattle.com
homewebmailz.com
devple.com
cimehey9.xyz
tracks-clicks.com
xn--vcs93h35hgx1d.com
omightygod.com
francesmaydesign.com
partyitemshire.com
alsatkazan.com
thewhitfieldcondos.info
kevin-kwan.com
amazoncosmo.site
gamasecjapan.com
softwarenews.digital
cakeboxjamaica.com
vitale.global
bonvivanto.com
amazingsiddha.com
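The extracted config and the file hashes are only useful once they are in a form a script can check against a file or a proxy/DNS log. The following is an added example written for this page, not part of the sandbox report: the hash values, the C2 URL and the first few decoy domains are copied from the report above (the decoy set is truncated and should be extended with the full list), while the function names and the "role" labels are the editor's own.

```python
"""Turn the xloader 2.5 report data into checkable indicators (added example)."""
import hashlib
from urllib.parse import urlparse

# Hashes of 111.vir exactly as listed in the report.
REPORT_HASHES = {
    "md5": "a9d2cf93c33422a04bc4cf09b7ec874a",
    "sha1": "60b5b6ff503aba04a3bf9db5e2abd9d2f867e874",
    "sha256": "89886686c26da7dc2ea3d1ea47da68f4f33c3e399d32b3b4abd115eb0c017bd9",
    "sha512": ("a272167c5b3678fa720c2e1e88298b4b7e2411f72d189b21887a378ee0ab794d"
               "3c28ed8b966e1280ae30785d7042b8c7c978d6f6fd1d9032d8ab208ec6ac6e11"),
}
# Real C2 from the extracted config; the campaign ID is its first path segment.
C2_URL = "http://www.supra413.com/g9vg/"
# First few decoy domains from the config (truncated here; extend with the full list).
DECOY_DOMAINS = {
    "selenebrennan.com", "htsfrance.com", "monsieurtechno.com", "argosy.city",
    "lit-clouds.com", "emilio-m.com", "crashycraft.net", "washmebro.com",
}


def digest_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists for in-memory file content."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def digest_file(path: str) -> dict:
    with open(path, "rb") as fh:
        return digest_bytes(fh.read())


def matches_report(digests: dict) -> dict:
    """Per-algorithm comparison; a sample is the reported one only if all four agree."""
    return {name: digests.get(name, "").lower() == value
            for name, value in REPORT_HASHES.items()}


def normalize_host(host: str) -> str:
    """Lower-case, drop a trailing dot and a leading 'www.' so log hosts compare cleanly."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def campaign_id(url: str) -> str:
    """xloader C2 URLs end in /<campaign>/; return that segment ('' if absent)."""
    path = urlparse(url).path.strip("/")
    return path.split("/")[0] if path else ""


C2_HOST = normalize_host(urlparse(C2_URL).hostname)
CAMPAIGN = campaign_id(C2_URL)


def classify_host(host: str) -> str:
    """'c2' for the real controller, 'decoy' for config padding, else 'unknown'."""
    h = normalize_host(host)
    if h == C2_HOST:
        return "c2"
    if h in DECOY_DOMAINS:
        return "decoy"
    return "unknown"


def classify_url(url: str) -> dict:
    """Classify a URL seen in proxy/DNS logs; the campaign path is a secondary signal."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    return {
        "host": normalize_host(host),
        "role": classify_host(host),
        "campaign_path": CAMPAIGN != "" and campaign_id(url) == CAMPAIGN,
    }


if __name__ == "__main__":
    for u in (C2_URL, "http://www.htsfrance.com/g9vg/", "https://example.org/"):
        print(u, classify_url(u))
    # Constructed bytes, not the sample: shows the comparison shape without the file.
    print(matches_report(digest_bytes(b"constructed content, not the sample")))
```

In practice, only a host classified as "c2" should drive blocking or alerting; a "decoy" hit is worth recording because the path pattern ties the request to the campaign ID, but the domain itself is not the adversary's infrastructure.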
Targets

Target: 111.vir
Size: 163KB
MD5, SHA1, SHA256, SHA512: identical to the General section above
Signatures:
- Xloader Payload: the unpacked xloader payload was identified during the run, which is what allowed the config above to be extracted.
- Deletes itself: the sample removes its own executable after execution, so on a live host the dropped file is often already gone and must be recovered from backups, prefetch or EDR telemetry rather than from disk.
- Suspicious use of SetThreadContext: SetThreadContext was called in a way consistent with process injection, typically redirecting the main thread of a process created in a suspended state to injected code. The signature fires on the call itself; the surrounding sequence (suspended create, remote write, context set, resume) is what confirms the injection and identifies the host process to treat as compromised.
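A single "Suspicious use of SetThreadContext" hit is most useful when an analyst can reconstruct the sequence around it from an API trace. The following is an added example by the editor, not part of the report: it runs the suspended-create, remote-write, set-context chain over a constructed trace in an assumed format (caller_pid api target_pid key=value...). The trace lines are made up to exercise the logic and do not describe what 111.vir actually did in the sandbox.

```python
"""Reconstruct a SetThreadContext-based injection chain from an API trace (added example)."""
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for the CreateProcess* family

# Constructed trace (assumed format: caller_pid api target_pid key=value...).
# One injection chain (pid 1180 -> new pid 4012) plus two benign SetThreadContext
# calls: a debugger-style call on the caller's own process, and a call against a
# process that was never created suspended or written to.
SAMPLE_TRACE = """\
1180 CreateProcessW 4012 flags=0x00000004 image=host.exe
1180 NtUnmapViewOfSection 4012
1180 VirtualAllocEx 4012 size=0x29000
1180 WriteProcessMemory 4012 addr=0x00400000 size=0x29000
1180 SetThreadContext 4012
1180 ResumeThread 4012
2200 SetThreadContext 2200
3300 OpenProcess 3400
3300 SetThreadContext 3400
""".splitlines()


def parse_line(line: str):
    """Split one trace line into (caller_pid, api, target_pid, {key: value})."""
    caller, api, target, *extra = line.split()
    kv = dict(item.split("=", 1) for item in extra if "=" in item)
    return int(caller), api, int(target), kv


def detect_hollowing(lines):
    """Return (caller, target, stages) for each SetThreadContext that completes the
    suspended-create -> remote-write -> set-context chain against another process."""
    stages = defaultdict(set)  # (caller, target) -> stages observed so far
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        caller, api, target, kv = parse_line(line)
        key = (caller, target)
        if api.startswith("CreateProcess") and int(kv.get("flags", "0"), 16) & CREATE_SUSPENDED:
            stages[key].add("suspended")
        elif api in ("WriteProcessMemory", "NtWriteVirtualMemory"):
            stages[key].add("written")
        elif api == "SetThreadContext":
            if caller == target:
                continue  # own process: debuggers and exception handlers do this legitimately
            stages[key].add("context")
            if {"suspended", "written"} <= stages[key]:
                alerts.append((caller, target, sorted(stages[key])))
        elif api == "ResumeThread" and "context" in stages[key]:
            stages[key].add("resumed")  # the redirected thread is now running
    return alerts


if __name__ == "__main__":
    for caller, target, seen in detect_hollowing(SAMPLE_TRACE):
        print(f"injection chain: pid {caller} -> pid {target}, stages {seen}")
```

The two negative cases matter as much as the positive one: SetThreadContext against the caller's own process, and SetThreadContext without a preceding suspended create and remote write, are the common benign patterns that make the raw signature noisy on its own.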