General
- Target: SNO22 595406_RACX-159814.exe
- Size: 740KB
- Sample: 220125-r8j1taheg5
- MD5: 57d59a3b3d87c9e5808da7ad2b013955
- SHA1: 22a3f4dceee7b5f63e9e940a435412362f947878
- SHA256: 58fb47124bf49f4190852baec863af03f73216cbba65c7eaa527f6ec6612e42b
- SHA512: 63b009c902adb07e83d9e28917e1f3ee5a4a49ae426ca4b99a29eeaa961c56e1456fceb02f078578f37a271e98276249ba182686bfdca60053cc8bef08802125
Static task: static1
Behavioral task: behavioral1
- Sample: SNO22 595406_RACX-159814.exe
- Resource: win7-en-20211208
Malware Config
Extracted: xloader 2.5 (p8ce)
- wishmeluck1.xyz
- nawabumi.com
- terra.fish
- eoraipsumami.quest
- awakeningyourid.com
- csyein.com
- tslsinteligentes.com
- cataractusa.com
- capitalwheelstogo.com
- staffremotely.com
- trashbinwasher.com
- blaneyparkrendezvous.com
- yolrt.com
- northendtaproom.com
- showgeini.com
- b95206.com
- almcpersonaltraining.com
- lovabledoodleshome.com
- woodlandstationcondos.com
- nikahlive.com
- sassholesentiments.com
- bupis44.info
- salahiheartclinic.com
- loveandpersonality.com
- electric-cortex.com
- beijixing-zs.com
- proper-sa.com
- legacyfamilypartners.com
- psidsamor.com
- schotinderoos.com
- kosma-concept.com
- onitled.com
- zscyyds.xyz
- mannatgroups.com
- radweb-demo.com
- lambanghieuquangcao.info
- antabatik.com
- lerongclub.com
- mobssvipshop.com
- dr-walther.com
- ibexitconsultants.com
- cnyprospects.com
- j9mkt64.com
- archer-claims.com
- lggrandinn.com
- jowhp.com
- outdoormz.store
- cantikgroup.company
- 2brothersprinting.com
- ginamodernart.com
- koupeespen.quest
- senerants.tech
- designthrottle.com
- emquality.com
- cerulesafe.com
- orascomservice.com
- skinsotight.com
- premiumconciergemarbella.com
- cottagepor.xyz
- gwayav.com
- johnguidesyou.com
- corporativokale.com
- jskswj.com
- xinico.info
- gebaeudetechnik-burscheid.com
Targets
- Target: SNO22 595406_RACX-159814.exe
- Xloader Payload
- Adds policy Run key to start application
- Executes dropped EXE
- Deletes itself
- Adds Run key to start application
- Suspicious use of SetThreadContext