General
-
Target
Novi poredak. 03526128920.PDF.exe
-
Size
1.1MB
-
Sample
211118-vh1seshgh5
-
MD5
a1ce13a80829e9abbf85a3c5429896a5
-
SHA1
67a59bcf8bf3d0f675d100dba0494497e7f56783
-
SHA256
2495bc16feccab6c1e1a151993ca42fdb98caa81f11d5933226bf1f72bf7bf70
-
SHA512
69eac4b2fc7d4fd1cd89113aacba11738172f88c580a2f60b8dcc77c8a367766307ab7f4595a298ea7cf5a25e2cda56449ef8fa8bb28fb2b9c6df600bec768fe
Static task
static1
Behavioral task
behavioral1
Sample
Novi poredak. 03526128920.PDF.exe
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
Novi poredak. 03526128920.PDF.exe
Resource
win10-en-20211014
Malware Config
Extracted
xloader
2.5
pvxz
http://www.finetipster.com/pvxz/
imt-token.club
abravewayocen.online
shcloudcar.com
mshoppingworld.online
ncgf08.xyz
stuinfo.xyz
wesavetheplanetofficial.com
tourbox.xyz
believeinyourselftraining.com
jsboyat.com
aaeconomy.info
9etmorea.info
purosepeti7.com
goticketly.com
pinkmemorypt.com
mylifewellnesscentre.com
iridina.online
petrestore.online
neema.xyz
novelfooditalia.com
enterprisedaas.computer
tzkaxh.com
brainfarter.com
youniquegal.com
piiqrio.com
mdaszb.com
boldmale.com
era636.com
castleinsuranceco.com
woodennickelmusicfortwayne.com
customer-servis-kredivo.com
high-clicks.com
greetwithgadgets.com
hfsd1.com
insureagainstearthquakes.net
ultimatejump.rest
parivartanyogeshstore.com
handmanagementblog.com
meishangtianhua.com
michaelscottinsurance.net
kershoes.com
atomiccharmworks.com
conciergecompare.com
zeal-hashima.com
coachianscott.com
hwkm.net
019skz.xyz
jardingenesis.com
sumikkoremon.com
tjpengyun.com
sectionpor.xyz
46t.xyz
sa-pontianak.com
localproperty.team
dotexposed.com
cis136-tgarza.com
eiestilo.com
youknowhowtolive.com
phalcosnusa.com
qaticv93iy.com
hbjngs.com
ocean-nettoyage.com
jenuwinclothes.net
anadoluatvoffroad.com
Targets
-
-
Target
Novi poredak. 03526128920.PDF.exe
-
Size
1.1MB
-
MD5
a1ce13a80829e9abbf85a3c5429896a5
-
SHA1
67a59bcf8bf3d0f675d100dba0494497e7f56783
-
SHA256
2495bc16feccab6c1e1a151993ca42fdb98caa81f11d5933226bf1f72bf7bf70
-
SHA512
69eac4b2fc7d4fd1cd89113aacba11738172f88c580a2f60b8dcc77c8a367766307ab7f4595a298ea7cf5a25e2cda56449ef8fa8bb28fb2b9c6df600bec768fe
Score10/10-
Xloader Payload
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-