General

Target: tmp/NHY9WgdS1Q8pZ9Y.exe
Size: 1.3MB
Sample: 211214-q68eysfgg2
MD5: 6f1e08f3aeec64cedb74a5bb7ff22392
SHA1: 961cc902df5b2ebc015dd848e7da4f7992eb6b54
SHA256: f78ac503e0942a1bafd27fc9464ab605eac94184d9da91a0385beb8debef65e4
SHA512: 69d62f15c6a8aae56184be5cb0d2c115af5688d39640b881c9f369b7b73cbf145f372da2a93427853489646a42cea38df84a7e6edb94ae845a5c873e9ba43934
Static task: static1
Behavioral task: behavioral1
Sample: tmp/NHY9WgdS1Q8pZ9Y.exe
Resource: win7-en-20211208
Malware Config
Extracted
xloader
2.5
b62n
http://www.multidetoxhepatico.com/b62n/
childzplanet.com
nine8culture.com
yourfoodmenu.com
nxhxyzjy.com
nobelies.com
baetsupreme.net
indiadiscountedfares.com
iconnect-design.com
durston.store
sweetcreationsbyjp.com
ktieman.com
getvirtualaddress.com
cryptopoly-figures.com
minismi2.com
ricemoment.com
regionalhomescommercial.com
onelike.biz
d22.group
kwissleapp.com
cindyrandband.com
wolfgap.com
ilogic8.com
digitize-vision.com
qiunianns.com
tejpalmeet.com
joywalkerconsultingllc.com
daudcoffee.com
muktobangla.xyz
tendenciaofertas.com
xuongkhophoanghuong.pro
circleofdeth.com
spoilthemrottenpets.com
innasamudra.com
pizzadelta.com
jcmsomedia.com
applelost-support.info
ridvanyilmaz.com
catherinehaskins.com
fogelsingleywedding.com
suddennnnnnnnnnnn20.xyz
3leadsaday.xyz
xn--salihzzmrt-icb8ec.com
rdaniels2.com
xn--growbb-fvab.com
badkyker.quest
sdoook.com
bagways.com
bullseyefunrun.com
ff4c2myy0.xyz
stardustfuel.com
yiyuanpai.net
permaculturemd.com
prospectly.cloud
myonchain.art
atlasconcretos.com
ghost.immo
kondanginyuk.online
mohamedtaher.xyz
sxsxnt.com
sofiarust.xyz
playmayka.com
eemtyx.com
tashamurphy.com
akoya-kyoto.com
Targets

Target: tmp/NHY9WgdS1Q8pZ9Y.exe
Size: 1.3MB
MD5: 6f1e08f3aeec64cedb74a5bb7ff22392
SHA1: 961cc902df5b2ebc015dd848e7da4f7992eb6b54
SHA256: f78ac503e0942a1bafd27fc9464ab605eac94184d9da91a0385beb8debef65e4
SHA512: 69d62f15c6a8aae56184be5cb0d2c115af5688d39640b881c9f369b7b73cbf145f372da2a93427853489646a42cea38df84a7e6edb94ae845a5c873e9ba43934
- Modifies system executable filetype association
- Neshta
  Malware from the Neshta family is a file infector: it injects itself into other files to spread and cause damage.
- Xloader Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext