General
-
Target
PO Document.exe
-
Size
323KB
-
Sample
211103-qz9dnsdhf4
-
MD5
1ec1e11ac3014b8dd331b3d08972f21b
-
SHA1
07c546a6a311835c712d9404be182daef56611ab
-
SHA256
afcf4012f8671a224c6856e0d968b7f7de88d7d96f0caddc97cd0f985694e530
-
SHA512
62ae0a5018493d84dd9605a71b25a7bc0b01462280655e4faa4918cd1765dd24de42e64aa9c1f48ce021a05a314dfc9e3b9ceccd7222b1c17c663d4ade3b4d42
Static task
static1
Behavioral task
behavioral1
Sample
PO Document.exe
Resource
win7-en-20211014
Malware Config
Extracted
xloader
2.5
u9xn
http://www.crisisinterventionadvocates.com/u9xn/
lifeguardingcoursenearme.com
bolsaspapelcdmx.com
parsleypkllqu.xyz
68134.online
shopthatlookboutique.com
canlibahisportal.com
oligopoly.city
srchwithus.online
151motors.com
17yue.info
auntmarysnj.com
hanansalman.com
heyunshangcheng.info
doorslamersplus.com
sfcn-dng.com
highvizpeople.com
seoexpertinbangladesh.com
christinegagnonjewellery.com
artifactorie.biz
mre3.net
webbyteanalysis.online
medicmir.store
shdxh.com
salvationshippingsecurity.com
michita.xyz
itskosi.com
aligncoachingconsulting.com
cryptorickclub.art
cyliamartisbackup.com
ttemola.com
mujeresenfarmalatam.com
mykombuchafactory.com
irasutoya-ryou.com
envtmyouliqy.mobi
expert-rse.com
oddanimalsink.com
piezoelectricenergy.com
itservices-india.com
wintwiin.com
umgaleloacademy.com
everythangbutwhite.com
ishhs.xyz
brandsofcannabis.com
sculptingstones.com
hilldetailingllc.com
stone-project.net
rbrituelbeaute.com
atzoom.store
pronogtiki.store
baybeg.com
b148tlrfee9evtvorgm5947.com
msjanej.com
western-overseas.info
sharpecommunications.com
atlantahomesforcarguys.com
neosudo.com
blulacedefense.com
profilecolombia.com
blacksaltspain.com
sejiw3.xyz
saint444.com
getoken.net
joycegsy.com
fezora.xyz
Targets
-
-
Target
PO Document.exe
-
Size
323KB
-
MD5
1ec1e11ac3014b8dd331b3d08972f21b
-
SHA1
07c546a6a311835c712d9404be182daef56611ab
-
SHA256
afcf4012f8671a224c6856e0d968b7f7de88d7d96f0caddc97cd0f985694e530
-
SHA512
62ae0a5018493d84dd9605a71b25a7bc0b01462280655e4faa4918cd1765dd24de42e64aa9c1f48ce021a05a314dfc9e3b9ceccd7222b1c17c663d4ade3b4d42
-
Xloader Payload
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-