General

Target: PO_PSLP20201201LASPRX36214 (2).exe
Size: 1017KB
Sample: 211026-m45dqshca5
MD5: 1ab67b4ee011c1d0e1093c9d1f7bf5e4
SHA1: 34d79d3275f079f283afde12fb01a7ed50370c5c
SHA256: 567a5fef6b29e55518559e2020951d873a53a73f14feb8e58d9fe746e9f2161b
SHA512: 38e94429592f5a29b14f355d099bb09a2fc3d0a4b06c4244d3a8bef44c07c61f4ec63d4e4f20580ddeda73e44c1c4500b2fe3db9975ddf74991157e28d7cb266
Static task: static1

Behavioral task: behavioral1
  Sample: PO_PSLP20201201LASPRX36214 (2).exe
  Resource: win7-en-20211014

Behavioral task: behavioral2
  Sample: PO_PSLP20201201LASPRX36214 (2).exe
  Resource: win10-en-20210920
Malware Config

Extracted (field labels below follow the extractor's field order for Xloader: family, version, campaign, C2, decoys)
Family: xloader
Version: 2.5
Campaign: epns
C2: http://www.lnvietnam.online/epns/ (the campaign id is the URI path)
Decoy domains (64 entries; Xloader beacons to these as well as to the real C2, so treat the whole list as network indicators of an infected host, but not as attributable operator infrastructure):
mmfaccao.com
blttsperma.quest
946abe.net
indispensablehands.com
jkformationfrance.com
phonerepaire.com
lienquan-trian.com
youkuti.com
empowermindbodystudios.com
seunicapf.com
fk-link.xyz
kunai.tech
difficultbutdoablebrand.com
ejworkspace.com
teracorp.biz
thekids.today
quintaalentejana.com
annaviruksham.com
jshengrong.com
nsmetalmakina.xyz
hentainftd.com
alphabet-chicken-farms.com
erotikchat.red
skintipsllc.com
expressofertachegou.com
ygraeriotexniki.com
thesidehustler.net
visionries.com
deployinghigh.com
havana-smile.com
exclusivegift7.com
ephraimhomedeals.com
westquartier.com
kiingear.com
officecom-myaccount.com
lemomentconcept.com
royalteacherclass.com
alltart.com
hustlershandbook.biz
mxpvlv.biz
canalcorporate.com
carcity.toys
k6tkuwrnjake.biz
acrobike69.com
4000518883.com
katia-magnetisme.com
shiningproent.com
ikmbc-b02.com
thoughtsbig.com
baba.clinic
blazestead.com
12monthmillionairetraining.com
goodtasteonline.com
nokushop.com
teneses.com
215oldtoby.com
pampelina.com
eimzaizmir.com
newnetteline.com
discovertexasbeaches.com
farrukhportfolio.website
bombers.xyz
melissacarbonell.group
5402506.win
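The config block above is most useful once it is turned into something a detection pipeline can match. The following Python is an added example written for this page, not output of the sandbox or code from the Xloader authors: it parses the flattened "Malware Config" text in the form it appears here (only five of the 64 decoy domains are repeated, as a constructed excerpt), derives the hostname IOC set, and runs constructed DNS log lines through it. The field labels (family, version, campaign, C2, decoys) and the log line format are assumptions of the example. The scoring rule at the end reflects the caveat in the list heading: a lone decoy hit is weak evidence because the decoys are ordinary registered sites, while a hit on the C2 host, or on several config hosts from one client, is what Xloader's beaconing actually looks like.

```python
"""Added example: turn the extracted Xloader 2.5 config into a matchable IOC set.

Constructed for this page; not sandbox output or the malware's own code.
Field labels and the DNS log format are assumptions of this example.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed excerpt of the report's config block (page lists 64 decoys; five shown).
REPORT_EXCERPT = """\
Malware Config
Extracted
xloader
2.5
epns
http://www.lnvietnam.online/epns/
mmfaccao.com
blttsperma.quest
946abe.net
indispensablehands.com
jkformationfrance.com
Targets
"""

# Constructed DNS log lines: "<timestamp> <client-ip> <queried-name>".
DNS_LOG = [
    "2021-10-26T10:01:02Z 10.0.0.15 www.lnvietnam.online",
    "2021-10-26T10:01:03Z 10.0.0.15 mmfaccao.com",
    "2021-10-26T10:01:04Z 10.0.0.15 www.blttsperma.quest",
    "2021-10-26T10:05:00Z 10.0.0.22 indispensablehands.com",  # single decoy only
    "2021-10-26T10:06:00Z 10.0.0.31 example.com",
]


@dataclass
class XloaderConfig:
    family: str
    version: str
    campaign: str
    c2_url: str
    decoys: list[str] = field(default_factory=list)

    @property
    def c2_host(self) -> str:
        # Kept exactly as extracted, including the "www." label.
        return urlparse(self.c2_url).hostname or ""

    def hosts(self) -> set[str]:
        # The bot contacts decoys and the real C2 alike, so every host is an IOC.
        return {self.c2_host, *self.decoys}


def parse_xloader_config(text: str) -> XloaderConfig:
    """Parse the flattened config block: family, version, campaign, C2 URL, then decoys."""
    lines = [ln.strip() for ln in text.splitlines()]
    start = lines.index("Extracted") + 1
    family, version, campaign, c2_url = lines[start:start + 4]
    if family != "xloader" or not c2_url.startswith("http"):
        raise ValueError("not an xloader config block")
    decoys: list[str] = []
    for ln in lines[start + 4:]:
        if not ln or " " in ln or "." not in ln:  # next section header, e.g. "Targets"
            break
        decoys.append(ln.lower())
    return XloaderConfig(family, version, campaign, c2_url, decoys)


def _host_matches(query: str, ioc: str) -> bool:
    """Exact host or any subdomain: www.mmfaccao.com matches mmfaccao.com."""
    q = query.lower().rstrip(".")
    return q == ioc or q.endswith("." + ioc)


def classify_host(cfg: XloaderConfig, host: str) -> str | None:
    """Return 'c2', 'decoy' or None for a queried hostname."""
    if _host_matches(host, cfg.c2_host):
        return "c2"
    if any(_host_matches(host, d) for d in cfg.decoys):
        return "decoy"
    return None


def scan_dns_log(cfg: XloaderConfig, log_lines: list[str]) -> list[tuple[str, str, str]]:
    """Return (client_ip, queried_name, kind) for every line that hits the config."""
    hits = []
    for ln in log_lines:
        parts = ln.split()
        if len(parts) < 3:
            continue
        client, name = parts[1], parts[2]
        kind = classify_host(cfg, name)
        if kind:
            hits.append((client, name, kind))
    return hits


def infected_clients(cfg: XloaderConfig, log_lines: list[str], min_hosts: int = 2) -> list[str]:
    """Clients that reached the C2 host, or at least min_hosts distinct config hosts.

    A single decoy hit is not reported on its own: decoys are real sites a user
    could browse to, whereas an infected host walks through several of them.
    """
    per_client: dict[str, dict] = {}
    for client, name, kind in scan_dns_log(cfg, log_lines):
        entry = per_client.setdefault(client, {"hosts": set(), "c2": False})
        entry["hosts"].add(name)
        if kind == "c2":
            entry["c2"] = True
    return sorted(c for c, v in per_client.items() if v["c2"] or len(v["hosts"]) >= min_hosts)


if __name__ == "__main__":
    cfg = parse_xloader_config(REPORT_EXCERPT)
    print(cfg.family, cfg.version, cfg.campaign, cfg.c2_host, len(cfg.decoys), "decoys")
    for hit in scan_dns_log(cfg, DNS_LOG):
        print("hit:", hit)
    print("infected:", infected_clients(cfg, DNS_LOG))
```

Feeding the full 64-entry list from the page into REPORT_EXCERPT is the intended use; the parser stops at the first line that is not a bare domain, which is how the "Targets" header after the list is handled.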
Targets

Target: PO_PSLP20201201LASPRX36214 (2).exe (same file and hashes as listed under General)
Score: 10/10

Signatures
- Xloader payload
- Adds Run key to start application (persistence through a Run registry value)
- Suspicious use of SetThreadContext (thread-context rewriting of the kind used to redirect execution into injected code, as in process hollowing)