General
Target: da7b4c213039524dd2cd661cb20e62ae
Size: 599KB
Sample: 211014-ng5lnahab5
MD5: da7b4c213039524dd2cd661cb20e62ae
SHA1: 81ad9e9a3d24242fa7619ad23bb6eed117672a3d
SHA256: 7d9a7c06ad6bdf4b58d325900a940f3bf830862d108c8cf58d3d77982b87f8c2
SHA512: fb55d71a64138bc17f5e7a0c8f6496ddeeb0a156270a1de4b8c0bcee9920a46fef0beba34f1bd0a9d589e5a49ad9d1803b71245a9ec28414c956c594886555af
Static task: static1
Behavioral task: behavioral1
Sample: da7b4c213039524dd2cd661cb20e62ae.exe
Resource: win7v20210408
Malware Config
Extracted
xloader
2.5
bntn
http://www.forex-fm.online/bntn/
Targets
Modifies system executable filetype association
Neshta: Malware from the Neshta family is designed to insert itself into other files in order to spread and cause damage.
Xloader Payload
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext