General
-
Target
7d9a7c06ad6bdf4b58d325900a940f3bf830862d108c8cf58d3d77982b87f8c2
-
Size
599KB
-
Sample
211014-pf1fzshed9
-
MD5
da7b4c213039524dd2cd661cb20e62ae
-
SHA1
81ad9e9a3d24242fa7619ad23bb6eed117672a3d
-
SHA256
7d9a7c06ad6bdf4b58d325900a940f3bf830862d108c8cf58d3d77982b87f8c2
-
SHA512
fb55d71a64138bc17f5e7a0c8f6496ddeeb0a156270a1de4b8c0bcee9920a46fef0beba34f1bd0a9d589e5a49ad9d1803b71245a9ec28414c956c594886555af
Malware Config
Extracted
xloader
2.5
bntn
http://www.forex-fm.online/bntn/
pollynfertility.com
frayahanson.com
longrunconsultancy.com
influencerimpactacademy.com
kentislandeats.com
71zkck.biz
835641.com
sklepmeki.store
lauradanielphotography.com
betnubhelp.com
invoicefunder.com
reignbeautycompany.com
eclipsegl.com
zacharyparkerporward5.com
alexiamalan.top
xn--299akkrtr22f.com
telex.business
pingsportsbet.com
fountainspringsrehab.com
intelbloodstock.com
Targets
-
-
Target
7d9a7c06ad6bdf4b58d325900a940f3bf830862d108c8cf58d3d77982b87f8c2
-
Size
599KB
-
MD5
da7b4c213039524dd2cd661cb20e62ae
-
SHA1
81ad9e9a3d24242fa7619ad23bb6eed117672a3d
-
SHA256
7d9a7c06ad6bdf4b58d325900a940f3bf830862d108c8cf58d3d77982b87f8c2
-
SHA512
fb55d71a64138bc17f5e7a0c8f6496ddeeb0a156270a1de4b8c0bcee9920a46fef0beba34f1bd0a9d589e5a49ad9d1803b71245a9ec28414c956c594886555af
Score10/10-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader Payload
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-