General
-
Target
5817230832074752.zip
-
Size
501KB
-
Sample
211026-zzs65aacg5
-
MD5
1739810fab67b61a54f1c94c1ff88339
-
SHA1
affaf7293d47e696a270a89973fcd424effaa637
-
SHA256
2c6fad6a7fb8a7a34573dde4421ef3ad0dbf0b03da7d99aa34a9b398847914dc
-
SHA512
268439647f65b38caa005b36748f23d8ea20923847c5d3c0d979af45fb23e8c6177bb75d11904e38856a3a7fd8d05feb3c76318214602058bf8090707e157396
Static task
static1
Behavioral task
behavioral1
Sample
c3c712f6cafb2e2768423e6e5dd623177962b820e140d1942099090ba67b8100.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
c3c712f6cafb2e2768423e6e5dd623177962b820e140d1942099090ba67b8100.exe
Resource
win10-en-20210920
Malware Config
Extracted
xloader
2.5
bsz6
http://www.hosotructiep.online/bsz6/
Targets
-
-
Target
c3c712f6cafb2e2768423e6e5dd623177962b820e140d1942099090ba67b8100
-
Size
1017KB
-
MD5
72a251065b2ede0e5f7cd372e04a815c
-
SHA1
df56b66ab765c9418658b6e4ccfab96a89bb357b
-
SHA256
c3c712f6cafb2e2768423e6e5dd623177962b820e140d1942099090ba67b8100
-
SHA512
5c7bb1fa8184fb0bbf3407abb85c20383ea24c9244801c0f57063985bf5a5f13cc4c3f2aeb33a63478895844315e0dcafba830cc3bc6e2286b12e187e0c1729a
Score: 10/10
- Xloader Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext