General
Target: Invoice_xls.exe
Size: 311KB
Sample: 220119-g6nk4sfef7
MD5: 11dd29bb7f2c5cb432b766b5b8dd828d
SHA1: d9fc2d3ef2af139ad15773b448ce1250c7262651
SHA256: 2f2ba4f8549cb5de1822f0382532abdcdbd6fc2ad1f2d5120bb4c9f145e84f08
SHA512: 9f33dd9911a99757f6b475a1a6725c980d27d18a2ee30bf51ebe6b0f33a4211e294bfae196ec94c44475b92ec08cef94bc0a53ea0c4180f8d49eb336c12f9253
Static task: static1
Behavioral task: behavioral1
Sample: Invoice_xls.exe
Resource: win7-en-20211208
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: 3a4h
Targets
Target: Invoice_xls.exe
- Xloader Payload
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext