General
Target: b4c024b530685b4d6624a05969d9997b.exe
Size: 327KB
Sample: 211103-yce6baefd8
MD5: b4c024b530685b4d6624a05969d9997b
SHA1: a584891d70ea5cc84d7d2934f3ea70af83b83980
SHA256: 1b6ff162d06ef0d1df78ada89bc99374b76362c5693b625ef9d46c9ee50e5309
SHA512: 3c6db8b881da0e6b0ee4b4effea7f1130ec6fec5e603f8617e2365cc4816c837bbca3c38af61015f48d201a20b027d131adac5a2e3df45b71d801b8feee1c4eb
Static task: static1
Behavioral task: behavioral1
Sample: b4c024b530685b4d6624a05969d9997b.exe
Resource: win7-en-20211014
Malware Config
Extracted family: xloader
Version: 2.5
Campaign ID: qw2c
C2 URL: http://www.qhatu-peru.com/qw2c/
Targets
Target: b4c024b530685b4d6624a05969d9997b.exe (size and hashes as listed under General)
- Modifies system executable filetype association
- Neshta: malware from the Neshta family is a file infector; it injects itself into other files in order to spread and cause damage.
- Xloader Payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext