General
Target: 74ff4d2208e19a63a977b014b74b8a2a5321cc7984ab97d1b80c1885b92c56ec
Size: 613KB
Sample: 220121-1crkfsbch4
MD5: c5decf4a91037a48b68f2c7fe86cc19d
SHA1: 0b92f1e8b2df2fb52d0b07234a494a337558543a
SHA256: 74ff4d2208e19a63a977b014b74b8a2a5321cc7984ab97d1b80c1885b92c56ec
SHA512: 100eb49ee67022c51eca6279e41cf10e6d8b7dab0147dea45d161f495a2a626768a273ac2a4c4238e5f6f332431143046171cba134ea87545039bcdab35d90a9
Static task: static1
Behavioral task: behavioral1
Sample: TT Transmitted Copy TRVTT2200390.exe
Resource: win7-en-20211208
Malware Config
Extracted
xloader
2.5
n8bs
Targets
Target: TT Transmitted Copy TRVTT2200390.exe
Size: 706KB
MD5: e08f07a15096d5eda6b9af217640692b
SHA1: d97dde29c20cc83def959ede08e0194db4cd3453
SHA256: 071d14c83f00ed98e9c00926273cc741b6de2c4d74b7c02b63dce652ae5b8735
SHA512: dc529b138f4083608551dd0028c8d971724a06432000b56f8baf9b787a0e810248f4892a8ad68276f0416d01a52473bc96c6025814f6bde3c434bb8e940c6291
Signatures:
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext