General
-
Target
Enquiry Reference Number 0025559278.exe
-
Size
744KB
-
Sample
211108-yc764adac9
-
MD5
cd9435966d20de265bc5f6f40daff4a3
-
SHA1
76cb2ab21a6009275ba3dcbe256a15a211833f35
-
SHA256
45790f1cc3cb37ecfe541981ddf9d25684d92576cceb6bdb809f345014de84f0
-
SHA512
95b3749be5950d52c3124df37971a0d03f3c7dd10168df13d9d2a2e523f6c435e51866207d9263f12164d86ab9e310ad098175ef59b9f1d83c678197cb44d528
Static task
static1
Behavioral task
behavioral1
Sample
Enquiry Reference Number 0025559278.exe
Resource
win7-en-20211014
Malware Config
Extracted
xloader
2.5
u0n0
http://www.52xjg3.xyz/u0n0/
learnwithvr.net
minismi2.com
slimfitbottle.com
gzartisan.com
fullfamilyclub.com
adaptationstudios.com
domynt.com
aboydnfuid.com
dirtroaddesigns.net
timhortons-ca.xyz
gladiator-111.com
breakingza.com
njjbds.com
keithrgordon.com
litestore365.host
unichromegame.com
wundversorgung-tirol.com
wholistic-choice.com
shingletownrrn.com
kapikenya.com
kermmehienon.quest
harunowellness.com
avrknastyrke.quest
mpujadas.com
bonbyk.xyz
twozilla.com
abrahamguestacademy.com
canwasysce.com
cangshu76.xyz
clinicadeconsultanta.com
fazdesignmalta.com
localcommunityspace.com
subdlt.com
gothambody.net
tongtongticket.com
giadinhmarket.xyz
jessaniholdings.com
sebika.com
infinitygamesonline.net
denton4.com
ctenemuhos.quest
governerdsummerfun.com
69988.club
2pnlx3.biz
radhikamobilerajasen.online
myborntoshare.com
mdkfsdf.info
dj6688a.com
feelinthorny.com
minimart.digital
offprize.xyz
niallsinclair.com
iclouds.today
xn--80ajy8a.xn--80asehdb
marionutrishop.com
yanglaowenku.com
youngmotorist.com
unavidaparaserfeliz.com
linknhomkin.com
webwarez.net
sabrinaxmendes.com
nurix.agency
bancosabadellnow.com
totalpopsociety.com
Targets
-
-
Target
Enquiry Reference Number 0025559278.exe
-
Size
744KB
-
MD5
cd9435966d20de265bc5f6f40daff4a3
-
SHA1
76cb2ab21a6009275ba3dcbe256a15a211833f35
-
SHA256
45790f1cc3cb37ecfe541981ddf9d25684d92576cceb6bdb809f345014de84f0
-
SHA512
95b3749be5950d52c3124df37971a0d03f3c7dd10168df13d9d2a2e523f6c435e51866207d9263f12164d86ab9e310ad098175ef59b9f1d83c678197cb44d528
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-