General
-
Target
REE20212110575259OCT.lzh
-
Size
404KB
-
Sample
211021-na81haabh3
-
MD5
5db43b8c8a1fea81c63ec85f0899d505
-
SHA1
f39a98fc1598e574a9f105b9b22b6c33315f2098
-
SHA256
cc92a5217fc8672312221ff0c7e7e24fc466c94e47bd813545839052f4b71a30
-
SHA512
c2d14cc5332cef854d427360dc2d89a578704fc6372d066f2cd47e899ff8598b737a1be7cc6cfcf0e2d0441e5aee31eb160195fb9faf159b7be4deb12576fe92
Static task
static1
Behavioral task
behavioral1
Sample
REE20212110575259OCT.exe
Resource
win7-en-20210920
Malware Config
Extracted
xloader
2.5
gab8
http://www.purodetalle.com/gab8/
amateurfeetworship.com
big-food.biz
metaversevolution.com
profecional-pacasmayo.com
royzoom.com
bekindevolution.com
hokozaki.com
waltersswholesale.com
wayfinderacu.com
schnurrgallery.com
babygearrentals.net
imggtoken.club
24x7x366.com
lakiernictwo.info
les-cours.com
dwticket.com
onarollshades.com
ramireztradepartners.com
safarparfums.com
6ngie.info
hoedetamni.quest
europeangurl.com
sakhakot.com
franciscoalpizar.com
jsyysn.com
goldberg-lighting.com
symbebidas.online
aucoeurducadeau.com
diamondscaterers.com
surswain.quest
gequper.xyz
roytsb.com
332151.com
hienrenow.com
skullother.com
betnubhelp.com
donerightcleaningnation.info
noukou-tonkotsu.xyz
bulkysofthome.com
yuejiayouhua.com
sevillalimpieza.com
involvefinance.com
obz7mo9amu.com
niftyfashionreward.com
refunddngame.com
norllix.com
vergadercentrumdji.com
1006e.com
boraeresici.com
partnerbebefits.com
hejabbanifatemi.com
bigskypediatrics.com
thefortclub.com
blacksource.xyz
happyklikshop.com
fullamodatoptan.com
pinupcams.info
javnfts.com
duocvietpharmacy.com
babyfloki.tech
cequitycorp.com
frenziedflora.com
5cherries.com
slurcap.com
Targets
-
-
Target
REE20212110575259OCT.exe
-
Size
498KB
-
MD5
9c00fc940483cff2a0f3f619db16ad54
-
SHA1
6f9c746d9cfb4e0bbf829783a82b883f7317b16b
-
SHA256
8a54e41751369783c64f56f30133b985933092324e9b2dad025641d23643280c
-
SHA512
30451538f9ed65159280a168c711056d7bc0776d0c30f1c82bfa4dfacfe4373c01f503004f1eacc1a690104f99bf7e78c61c5436261c0813508467ff5dd4ff21
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-