General
-
Target
85bccf48bd69110456515b5b1fc35fc21c6d983e67c162ab14fb7d8f66616e71
-
Size
939KB
-
Sample
211216-y7vt9acha8
-
MD5
cd1f4fa4338ae35dc3e24b7d4fdd2c36
-
SHA1
35585771c3637ad3df287166a5873f1587003194
-
SHA256
85bccf48bd69110456515b5b1fc35fc21c6d983e67c162ab14fb7d8f66616e71
-
SHA512
629cbd4806d4aa68c7f4223180d5c2a06378c9a5f1b7c3587f6e3f375ce5fdbc7eff20b0e9f24458d6c0eaa41c79ef786bd54b0e7c7eebf3a1c103b4eff4c669
Static task
static1
Malware Config
Extracted
xloader
2.5
ea0r
lionheartcreativestudios.com
konzertmanagement.com
blackpanther.online
broychim-int.com
takut18.com
txstarsolar.com
herdsherpa.com
igorshestakov.com
shinesbox.com
reflectpkljlt.xyz
oiltoolshub.com
viralmoneychallenge.com
changingalphastrategies.com
mecitiris.com
rdadmin.online
miniambiente.com
kominarcine.com
pino-almond.com
heihit.xyz
junqi888.com
metalumber.com
sclvfu.com
macanostore.online
projecturs.com
ahcprp.com
gztyfnrj.com
lospacenos.com
tak-etranger.com
dingermail.com
skiin.club
ystops.com
tnboxes.com
ccafgz.com
info1337.xyz
platinum24.top
hothess.com
novelfinancewhite.xyz
theselectdifference.com
flufca.com
giftcodefreefirevns.com
kgv-lachswehr.com
report-alfarabilabs.com
skeetones.com
4bcinc.com
americamr.com
wewonacademy.com
evrazavto.store
true-fanbox.com
greencofiji.com
threecommaspartners.com
hgtradingcoltd.com
xihe1919.com
241mk.com
helplockedout.com
wefundprojects.com
neosecure.store
purenewsworldwide.com
luckylottovip999.com
lottidobler.com
proyectohaciendohistoria.com
raintm.com
theproducerformula.com
trademarkitforyourself.com
ottaweed.com
asiapubz-hk.com
Targets
-
-
Target
85bccf48bd69110456515b5b1fc35fc21c6d983e67c162ab14fb7d8f66616e71
-
Size
939KB
-
MD5
cd1f4fa4338ae35dc3e24b7d4fdd2c36
-
SHA1
35585771c3637ad3df287166a5873f1587003194
-
SHA256
85bccf48bd69110456515b5b1fc35fc21c6d983e67c162ab14fb7d8f66616e71
-
SHA512
629cbd4806d4aa68c7f4223180d5c2a06378c9a5f1b7c3587f6e3f375ce5fdbc7eff20b0e9f24458d6c0eaa41c79ef786bd54b0e7c7eebf3a1c103b4eff4c669
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Xloader Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-