General
- Target: Invoice request.zip
- Size: 358KB
- Sample: 211120-atlsesfaf4
- MD5: 760f077658ce616f4596c1b248d35ad7
- SHA1: f8b35ba59d1aa2ca67758bff6ef0b4e54a685e82
- SHA256: 37eb7f4102cd9f23d8bbfd795f8beee93582770d09bc2875741b67c731a12bfd
- SHA512: cf0ad9d56c3da0ee0ccd15f399d1462eace4d90eb4d2a95a235136afb4786224f24eeb56a5dd07497ac1c7b2bb97cb1d63db2583e0912dbb3bddbc33845592d7
Static task: static1
Behavioral task: behavioral1
- Sample: Invoice request.exe
- Resource: win7-en-20211014
Malware Config
Extracted
- Family: xloader
- Version: 2.5
- Campaign: ea0r
- C2: http://www.asiapubz-hk.com/ea0r/
- Decoy domains:
lionheartcreativestudios.com
konzertmanagement.com
blackpanther.online
broychim-int.com
takut18.com
txstarsolar.com
herdsherpa.com
igorshestakov.com
shinesbox.com
reflectpkljlt.xyz
oiltoolshub.com
viralmoneychallenge.com
changingalphastrategies.com
mecitiris.com
rdadmin.online
miniambiente.com
kominarcine.com
pino-almond.com
heihit.xyz
junqi888.com
metalumber.com
sclvfu.com
macanostore.online
projecturs.com
ahcprp.com
gztyfnrj.com
lospacenos.com
tak-etranger.com
dingermail.com
skiin.club
ystops.com
tnboxes.com
ccafgz.com
info1337.xyz
platinum24.top
hothess.com
novelfinancewhite.xyz
theselectdifference.com
flufca.com
giftcodefreefirevns.com
kgv-lachswehr.com
report-alfarabilabs.com
skeetones.com
4bcinc.com
americamr.com
wewonacademy.com
evrazavto.store
true-fanbox.com
greencofiji.com
threecommaspartners.com
hgtradingcoltd.com
xihe1919.com
241mk.com
helplockedout.com
wefundprojects.com
neosecure.store
purenewsworldwide.com
luckylottovip999.com
lottidobler.com
proyectohaciendohistoria.com
raintm.com
theproducerformula.com
trademarkitforyourself.com
ottaweed.com
Targets
- Target: Invoice request.exe
- Size: 676KB
- MD5: da15b6acf344c43696f03ccd0c9b5662
- SHA1: 490a2ef542738dfc47dc62663f1f4cd4b52d6c6d
- SHA256: c26730ee4480c22df36df08e6386199eac697aef2310b98ec4719fe63f1d70f9
- SHA512: 403f26713a14eb962791da7abf6fc28d9c31d1a9db9ef2edec87a11153d65ebae31050b223fa904ab97923b3bad2dc0a14adbfc4642e3a1afa2f7f15d89484d5
- Xloader Payload
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext