General
-
Target
PO_101_130047762.bat
-
Size
641KB
-
Sample
220125-ab5skscfa9
-
MD5
64a55ea3ea24c0dc588b69a9b52d4d63
-
SHA1
6c18904214a95c08c5495a45666082fd619f3aff
-
SHA256
e7db2cf6be0191ff0e4e3249e2a559be905e299124fd5ee0b9e2d31ffefce58d
-
SHA512
34e43ee6d6c14aec0963140f0183cb8a3074eddddbe9f823135cd69f4815fd2adf4ceb4dd88f3c2e0da464cbdd82480a4f2e931e18924342cd0d6b16f4149f4f
Static task
static1
Behavioral task
behavioral1
Sample
PO_101_130047762.exe
Resource
win7-en-20211208
Malware Config
Extracted
xloader
2.5
cuig
redhatnova.com
campify.store
isra-cards.com
iv-enter.com
tenantsforum.com
kg-zenith.com
phapvietdental.com
001ox.com
xn--pgb3df.com
kodikannath.com
thedeliciousrestaurant.com
041atk.xyz
thebithunt.com
pferde-vitalsysteme.com
bantasis.com
gee-law.com
missionew.com
tancouj.quest
zerogamessober.com
metropolitanprohealth.com
circuitosportivo.net
positive-vibs.com
vicoarno.com
misjangraga.xyz
868h.online
banlinhkhoinghiep.com
logicevolution.net
widgetlocker.info
alvideo.xyz
dai116.com
hanlongyinwu.com
rodmanbrand.com
alahlyfc.club
careerencouragement.com
luclocacao.com
qianshucd.com
photographersblueprint.com
webpassion.club
kimdelonghi.com
annapolisloanpro.com
teenagenrlcqy.xyz
usgmt.com
balsig.com
redpigletshop.com
blognumber.one
marriageaustralia.net
dragondrax.com
greyfour.com
dungeonsandcrafts.net
melisaclarke.net
evertonautomation.com
john-way.com
szgroupify.com
septemberstockevent200.com
extracters.store
sk1n.club
completeprintersupport.com
barmorelosmx.com
shopcertifiedloverboy.com
ferasan.com
selfhealingmovementcenter.com
rayanab.com
mooknationmedia.com
iternesia.com
eroanim.com
Targets
-
-
Target
PO_101_130047762.bat
-
Size
641KB
-
MD5
64a55ea3ea24c0dc588b69a9b52d4d63
-
SHA1
6c18904214a95c08c5495a45666082fd619f3aff
-
SHA256
e7db2cf6be0191ff0e4e3249e2a559be905e299124fd5ee0b9e2d31ffefce58d
-
SHA512
34e43ee6d6c14aec0963140f0183cb8a3074eddddbe9f823135cd69f4815fd2adf4ceb4dd88f3c2e0da464cbdd82480a4f2e931e18924342cd0d6b16f4149f4f
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-