General
-
Target
triage_dropped_file
-
Size
253KB
-
Sample
211021-pj5j4sacd5
-
MD5
d0e4c13e6c8ba9fe34d86b554b595d9a
-
SHA1
83eee2dbe00ae265af9eb13105dc1068b6b034cd
-
SHA256
f8d9fbcef6907460baa7c91e53d1a40865901bb50906b5519cba440fdbc65032
-
SHA512
72f5fcd367c0f0fdc83827bea529f84a85ace28550a5cd8102cb0cde2829d81defe312fb0d95d3c5a8e8728f4efd8cb433bfab0b3e1f265fffdc4e0ad687247d
Static task
static1
Behavioral task
behavioral1
Sample
triage_dropped_file.exe
Resource
win7-ja-20211014
Behavioral task
behavioral2
Sample
triage_dropped_file.exe
Resource
win7-en-20210920
Behavioral task
behavioral3
Sample
triage_dropped_file.exe
Resource
win7-de-20211014
Behavioral task
behavioral4
Sample
triage_dropped_file.exe
Resource
win11
Behavioral task
behavioral5
Sample
triage_dropped_file.exe
Resource
win10-ja-20210920
Behavioral task
behavioral6
Sample
triage_dropped_file.exe
Resource
win10-en-20211014
Malware Config
Extracted
xloader
2.5
kqna
http://www.surfsolutions.info/kqna/
achyutlifesciences.com
anthemmg.com
netkopat.com
generationgirlnaturals.com
novatel-network.com
craftstockco.com
thevishantiverse.art
elkerfly.com
haerotechs.com
candypalette.com
gregdokes.com
e-commerce.company
gratitudeland.com
companyintelcloud.com
publicyazilim.com
xc6811.com
aracsozluk.com
janesgalant.quest
fraserstephendop.com
ryan.rentals
wyse-solutions.com
reddishslouqb.xyz
rukygua.xyz
unlimitedrehab.com
fundafes.com
goodoffice.online
guserq.com
tigerstarmatka.com
ganleychevybuyscars.com
murrayforcongress.com
artistandfund.com
integritynotarial.com
cantomarbait.com
alifdanismanlik.com
meggisiegert.com
high-clicks3.com
xn--schwche-8wa.com
caffeiny.com
landsoftexasranchland.com
armmapp.com
cursosminharendaextra.com
globalmarineserv.com
lowestfars.com
finlayo.com
hautlescoeurscollection.com
cyclesforyou.com
bagwashs.com
medicaltrust-sd.com
passivemen.com
midatlanticbath.com
mchaskellproperties.com
facetofacewith.com
worldwidecorumuk.com
g632b.online
atozshoppingllc.com
jcswkj.net
czemi.com
minutemannetwork.net
hjku.xyz
uko7wuyj.xyz
amigasconesencia.com
hodgeandpartners.com
edfnu.com
corncobmeal.com
Targets
-
-
Target
triage_dropped_file
-
Size
253KB
-
MD5
d0e4c13e6c8ba9fe34d86b554b595d9a
-
SHA1
83eee2dbe00ae265af9eb13105dc1068b6b034cd
-
SHA256
f8d9fbcef6907460baa7c91e53d1a40865901bb50906b5519cba440fdbc65032
-
SHA512
72f5fcd367c0f0fdc83827bea529f84a85ace28550a5cd8102cb0cde2829d81defe312fb0d95d3c5a8e8728f4efd8cb433bfab0b3e1f265fffdc4e0ad687247d
-
Registers COM server for autorun
-
Xloader Payload
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-