General
Target: factura.r11
Size: 491KB
Sample: 211023-b1llnsffe3
MD5: 9f2c6a434ce5af8fd2a0a75a8c39bf3e
SHA1: 68dcef491633987afdb1dbfb8359cac30ba7be45
SHA256: 497c4b0121e59a1fdeb370b38acf6d33f846a399ed3bdc47f51a230e1c198a25
SHA512: bd27288fe1ca29f1751b9d1b8642b02587a742af9cb4818b7a177ccf7911142808c1a3f945b0bf914ebb3f1e8f63b138650647b7f81e11eeaadbc16cc4322780

Static task: static1
Behavioral task: behavioral1
Sample: factura.exe
Resource: win7-en-20211014

Malware Config (extracted)
Family: xloader
Version: 2.5
Campaign: snec
C2 URL: http://www.go2payme.com/snec/
Decoy domains:
sacramentoscoop.com
auroraeqp.com
ontactfactory.com
abenakigroup.com
xander-tech.com
cocaineislegal.com
carbondouze.com
louisvilleestatelawyer.com
sundaytejero.quest
arti-faqs.com
thisandthat.store
biodyne-el-salvador.com
18504seheritageoakslane.com
mfialias.xyz
whitestoneclo.com
6288117.com
oficiosuy.com
autogift.xyz
wallbabyshell.com
chaletlabaie.com
yy88kk.com
thepositiveenergycompany.com
personalexpressofertachegou.com
theoldplayground.com
aireapartmentsmsp.com
layfflj.com
xn--hss-s83bwm.com
tutoeasy.com
maintrove.com
changereferral.com
peanutl.com
portolaenterprise.com
vanscn.net
2wawaw16.me
gosatya.com
velocityphase.com
aprenda-sg-sst.com
dickinsonoutfitters.com
toptelecast-toreadtoday.info
argana.store
tagachiweb.com
bokepindoviral.com
nu865ci.com
thestogiestore.com
managexxxxx.com
japanskirt.com
leilaniheritage.com
m7chi.net
afjewelryaz.com
aset.guide
hx-banjin.com
foqenoa.store
kolkataescort.xyz
worldcrgenius.biz
stockandberry.com
ash-tag.com
orchestrated.design
point4sales.com
sattaking-delhiborder06.xyz
clear-rails.com
dentalpnid.com
ezekielgroup.com
17804maritimepoint101.com
qldrfb.com

Targets
Target: factura.exe
Size: 684KB
MD5: 7c6766218c6f18eb3f8be7391e8e62cc
SHA1: 9cddeb0d7aa5e7206cd2b0a34c924ee5eb81ebe3
SHA256: 2edd9500d065d10587fcb4f5551095e420c40f3bc5e406dd74bf23f954e01ada
SHA512: 1da399c56670c79e725ebebb49f7c78cefeb652fea089f5e5961bce38803b4f687b04b09e7ea92bc13f1e23abee8b97a8f11f8d6bf76b2e0355380e1f224531f

Signatures
Xloader Payload
Adds policy Run key to start application
Executes dropped EXE
Deletes itself
Adds Run key to start application
Suspicious use of SetThreadContext