General
Target: Order Inquiry_List0811221Group_Pte Ltd.7z
Size: 463KB
Sample: 211122-pbghbaadf2
MD5: 1e1782f69578137219cf553be09ece10
SHA1: f6c36594d19fadea0e07cd60ef4d93cb598e4bf9
SHA256: 86df7f07c86eb205377bcae28ddb8b08e68907d2ab297e45ee8a58ae0c555eaf
SHA512: 07bdb65b328e9c9627c9470a70cd9933206c3c9e3e0263f75ca6d672b83446aee3ac8f39d6ec7b43f0c36f099c7d348056604d619c3dd3a4be34daa5541c4e91
Static task: static1
Behavioral task: behavioral1
Sample: Order Inquiry_List0811221Group_Pte Ltd.exe
Resource: win7-en-20211104
Malware Config
Extracted
xloader
2.5
46uq
http://www.jixelbbk.com/46uq/
Targets
Target: Order Inquiry_List0811221Group_Pte Ltd.exe
Size: 753KB
MD5: 7a472b26cb03fb90b7f7a98f0e3aaaac
SHA1: 0dfd979849653398c60d791ee385f80a3648dc0b
SHA256: 9bd94109c257b316e248e2486f3b84bf358cc5b9b259154e6b0544bcb04269d6
SHA512: 84c1f8ed44c4bb3dd15d11a8ba1f3127e59e69d0f3edf5c36a711d252f6022079e5424dddb42e32cde19f7bb665ce853d19fd07e6029470857014aefd2e1444e
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext