General
-
Target
TT Transmitted Copy TRVTT2200390.exe
-
Size
706KB
-
Sample
220112-eynj2abag9
-
MD5
e08f07a15096d5eda6b9af217640692b
-
SHA1
d97dde29c20cc83def959ede08e0194db4cd3453
-
SHA256
071d14c83f00ed98e9c00926273cc741b6de2c4d74b7c02b63dce652ae5b8735
-
SHA512
dc529b138f4083608551dd0028c8d971724a06432000b56f8baf9b787a0e810248f4892a8ad68276f0416d01a52473bc96c6025814f6bde3c434bb8e940c6291
Static task
static1
Behavioral task
behavioral1
Sample
TT Transmitted Copy TRVTT2200390.exe
Resource
win7-en-20211208
Malware Config
Extracted
xloader
2.5
n8bs
monese-bank.com
silkypumps.xyz
tashabouvier.com
eduardoleonsilva.com
pinnaclecorporaterentals.com
megafluids.com
worldwidecarfans.com
benjamlnesq.com
unitedraxiapp.com
thetanheroes.com
jypmore.quest
indianasheriffs.biz
saintinstead.com
alldansmx.com
trulyproofreading.com
indotogel369.com
mermadekusse.store
radosenterprisellc.com
gseequalservices.com
techride.xyz
2031corp.com
centelytics.com
payperlivecalls.com
iphone13promax.guide
leadslingerstraining.com
generateideasint.com
afgelocal2741.com
n-visionlearning.com
strumagokart.quest
noisesocial.com
completefilmguide.com
mawuyrapaulin.com
heptagonfx.com
hype-clicks.com
uxog0.online
932381.com
trumpetrofnky.xyz
samudombang.com
hairtederionos.com
10karmy.com
nangniubanchanviet.online
brooklynprowellness.com
rockstarcleaningclub.com
rollnwin.top
breastextra.com
zahad-riedel.com
xuebqufvcdbgbqypuywgntpy.store
blogging2success.com
cnshippingagency.com
danielquasar.net
allthingsdog.info
legaltulsa.com
pure-impression.store
jonbeedle.com
ndtailgateofchampions.com
steelhorserescue.com
smart-realy.com
rebornmkt.com
zaktheme.xyz
myfranciscanshoe.com
linkedinupdate.com
fulviopires.com
magicspaces.digital
avtoshop761.com
myveguiolcusbyopappgroup.com
Targets
-
-
Target
TT Transmitted Copy TRVTT2200390.exe
-
Size
706KB
-
MD5
e08f07a15096d5eda6b9af217640692b
-
SHA1
d97dde29c20cc83def959ede08e0194db4cd3453
-
SHA256
071d14c83f00ed98e9c00926273cc741b6de2c4d74b7c02b63dce652ae5b8735
-
SHA512
dc529b138f4083608551dd0028c8d971724a06432000b56f8baf9b787a0e810248f4892a8ad68276f0416d01a52473bc96c6025814f6bde3c434bb8e940c6291
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-