General
Target: PO#00650288.doc.exe
Size: 777KB
Sample: 220127-bt1f9adge5
MD5: c94bd5f674928d2e347a99a84ac09c79
SHA1: 8983b3c54e9978f05c7f99ad8ff7f7af8527fbbb
SHA256: 9ecd8c9e350e594b3698eae609755d3422bd7d88a457731834a931db312a788c
SHA512: bcea02361b6b1ec2c9e6eb3d0251579c88130c1cfb238dcc2d8cca2b4a9fcd9886b59d30abac4221a4e4b86482bb18cd0b5faefea36fb4b32a25276aac4dc1bc
Static task: static1
Behavioral task: behavioral1
Sample: PO#00650288.doc.exe
Resource: win7-en-20211208
Malware Config
Extracted
xloader
2.4
nid3
Targets
Target: PO#00650288.doc.exe
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext