General
-
Target
u prilogu je nova narudzba za kupnju.exe
-
Size
1.0MB
-
Sample
211206-sa2cwahcd5
-
MD5
586db006f3320cb9a41a62f7f5a0c4e1
-
SHA1
3b6f558429e9fe51b191dfbb63bdc7161d95870a
-
SHA256
af2a8024939f13bee37b6d3a35aa5df93e2a6b11cede4bea19493c4d704b050f
-
SHA512
aa79f05e68b71cb7cb5ddb9f12ceada09e7433d7733adcde6c20eb1a3695cff22161cb73e8cee0898444e9e1ec9258b2a6ae4e2e780b5ed9849d4a1596cd3d17
Static task
static1
Behavioral task
behavioral1
Sample
u prilogu je nova narudzba za kupnju.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
u prilogu je nova narudzba za kupnju.exe
Resource
win10-en-20211104
Malware Config
Extracted
xloader
2.5
pvxz
http://www.finetipster.com/pvxz/
imt-token.club
abravewayocen.online
shcloudcar.com
mshoppingworld.online
ncgf08.xyz
stuinfo.xyz
wesavetheplanetofficial.com
tourbox.xyz
believeinyourselftraining.com
jsboyat.com
aaeconomy.info
9etmorea.info
purosepeti7.com
goticketly.com
pinkmemorypt.com
mylifewellnesscentre.com
iridina.online
petrestore.online
neema.xyz
novelfooditalia.com
enterprisedaas.computer
tzkaxh.com
brainfarter.com
youniquegal.com
piiqrio.com
mdaszb.com
boldmale.com
era636.com
castleinsuranceco.com
woodennickelmusicfortwayne.com
customer-servis-kredivo.com
high-clicks.com
greetwithgadgets.com
hfsd1.com
insureagainstearthquakes.net
ultimatejump.rest
parivartanyogeshstore.com
handmanagementblog.com
meishangtianhua.com
michaelscottinsurance.net
kershoes.com
atomiccharmworks.com
conciergecompare.com
zeal-hashima.com
coachianscott.com
hwkm.net
019skz.xyz
jardingenesis.com
sumikkoremon.com
tjpengyun.com
sectionpor.xyz
46t.xyz
sa-pontianak.com
localproperty.team
dotexposed.com
cis136-tgarza.com
eiestilo.com
youknowhowtolive.com
phalcosnusa.com
qaticv93iy.com
hbjngs.com
ocean-nettoyage.com
jenuwinclothes.net
anadoluatvoffroad.com
Targets
-
-
Target
u prilogu je nova narudzba za kupnju.exe
-
Size
1.0MB
-
MD5
586db006f3320cb9a41a62f7f5a0c4e1
-
SHA1
3b6f558429e9fe51b191dfbb63bdc7161d95870a
-
SHA256
af2a8024939f13bee37b6d3a35aa5df93e2a6b11cede4bea19493c4d704b050f
-
SHA512
aa79f05e68b71cb7cb5ddb9f12ceada09e7433d7733adcde6c20eb1a3695cff22161cb73e8cee0898444e9e1ec9258b2a6ae4e2e780b5ed9849d4a1596cd3d17
Score10/10-
Xloader Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-