General
Target: Confirmacion de pedido adjunta.zip
Size: 341KB
Sample: 211015-vs1keabbf6
MD5: b679fd1bee4485a5a19a68092e6a6458
SHA1: fb9e37871a635d4d37621c5591e9b956a08a518f
SHA256: b31ccef7bdf1791270ed8dfea977fbc89c89ce02a3b8e1e4448814d1989c2ff0
SHA512: 33e307c67b46a43bb3ab74f81cefdf4d6dbe93bc85eb789b9dade8664f4851a87aa51dd17d6af09b983d6d4cad952cbeceb50fed7ba2413fcbb5b10aeb072c66
Static task: static1

Behavioral task: behavioral1
Sample: Confirmacion de pedido adjunta.exe
Resource: win7-en-20210920

Behavioral task: behavioral2
Sample: Confirmacion de pedido adjunta.exe
Resource: win10-en-20211014
Malware Config (extracted)
Family: xloader
Version: 2.5
Campaign ID: pvxz
C2: http://www.finetipster.com/pvxz/
Decoy domains:
imt-token.club
abravewayocen.online
shcloudcar.com
mshoppingworld.online
ncgf08.xyz
stuinfo.xyz
wesavetheplanetofficial.com
tourbox.xyz
believeinyourselftraining.com
jsboyat.com
aaeconomy.info
9etmorea.info
purosepeti7.com
goticketly.com
pinkmemorypt.com
mylifewellnesscentre.com
iridina.online
petrestore.online
neema.xyz
novelfooditalia.com
enterprisedaas.computer
tzkaxh.com
brainfarter.com
youniquegal.com
piiqrio.com
mdaszb.com
boldmale.com
era636.com
castleinsuranceco.com
woodennickelmusicfortwayne.com
customer-servis-kredivo.com
high-clicks.com
greetwithgadgets.com
hfsd1.com
insureagainstearthquakes.net
ultimatejump.rest
parivartanyogeshstore.com
handmanagementblog.com
meishangtianhua.com
michaelscottinsurance.net
kershoes.com
atomiccharmworks.com
conciergecompare.com
zeal-hashima.com
coachianscott.com
hwkm.net
019skz.xyz
jardingenesis.com
sumikkoremon.com
tjpengyun.com
sectionpor.xyz
46t.xyz
sa-pontianak.com
localproperty.team
dotexposed.com
cis136-tgarza.com
eiestilo.com
youknowhowtolive.com
phalcosnusa.com
qaticv93iy.com
hbjngs.com
ocean-nettoyage.com
jenuwinclothes.net
anadoluatvoffroad.com
Targets
Target: Confirmacion de pedido adjunta.exe
Size: 678KB
MD5: 040a8260884518ab908a2a0e97817bc5
SHA1: e66db10967767d32c75a6d29e1d982fbcd9a0390
SHA256: c337b8ea797cbd83791f52fc82156c1f9ffba9557b20ed73581dc788fddba788
SHA512: 9553d0c5d9996c83dd1656a96c7bc8d6474234ff0e16f14b94d0c0c7056b4fd00337cb452c31555b150d2fba6d4081e95e6212365426e92833bcc72978bd7cc6
Score: 10/10
Signatures:
- Xloader Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext