General
Target: 88d735da9f8ca6d1cfb1ff692715cc8b
Size: 613KB
Sample: 211108-md8y8sbgb5
MD5: 88d735da9f8ca6d1cfb1ff692715cc8b
SHA1: 1583386de41eca9d2bfe9a21741219c4db356cf5
SHA256: 3b001f0a9512ead9ddd2f68a80fc6f1db66023941956690d147f10dbc465c663
SHA512: 894147a5980b0bcaac7bb410f6bb009919737e285b23d049ae54217d2ed935bfd44227e380d76678243e62dbfa121a6ad913ad0cab722417edb50dd0a93143b7
Static task: static1
Behavioral task: behavioral1
Sample: 88d735da9f8ca6d1cfb1ff692715cc8b.exe
Resource: win7-en-20211104
Malware Config
Extracted
xloader
2.5
upi8
http://www.dfwbcs.com/upi8/
Targets
- Xloader Payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of SetThreadContext