General
Target: po.exe
Size: 847KB
Sample: 211020-zw6m2shfa8
MD5: 5723a775452272c5b0508628a1d94364
SHA1: 827e1716937a9579a71cce148e01afda49a18f7c
SHA256: efd1897cf1232815bb1f1fbe8496804186d7c48c6bfa05b2dea6bd3bb0b67ed0
SHA512: 4b763ea50bb8160cc92c0b416c9bb80cf6ac6be920f9e5e49b5fde1969c010654d92834897296669d54d3650908a29ed0912e22c71ab5268af76e3c988c89064
Static task: static1
Behavioral task: behavioral1 (sample po.exe, resource win7-en-20210920)
Behavioral task: behavioral2 (sample po.exe, resource win10-en-20210920)
Malware Config
Extracted: xloader
Version: 2.5
Campaign: bsz6
C2: http://www.hosotructiep.online/bsz6/
Targets
Target: po.exe (847KB; hashes as listed under General)
Score: 10/10
- Xloader payload
- Blocklisted process makes network request
- Adds Run key to start application
- Suspicious use of SetThreadContext