General
- Target: enquiry no. 2770034921.exe
- Size: 381KB
- Sample: 220127-r127esegg8
- MD5: 5dde426d4383be37f818ee1205c50e11
- SHA1: 060c70157ceea0b08243a53e4baae2331b4449f8
- SHA256: 3f277a6819833eb0c7feab4e952301b4bac883e38ec8bd266093b6757d1920e8
- SHA512: 3b56d429b5d471cda4a8087dca70d74093bc3ac55a0cefba7949a76b254927d1ccadbbbf5a60554162817e930ed83ecf1515745763c0f13680c4ca9548054ac3

Static task
- static1

Behavioral task
- behavioral1
- Sample: enquiry no. 2770034921.exe
- Resource: win7-en-20211208
Malware Config
Extracted: xloader 2.5 gab7
mbb11.xyz
taishancable.com
karaoke-sega.com
mana-space.com
danielandkaela.com
ancorasports.com
magentaclass.com
tenloe045.xyz
colorbold.com
5starrentertainment.com
candgconstructiontx.com
664cqi.com
alexeykazakov.com
umrashed.space
thepowerof10.club
scotchwoodofficeworks.com
anelis.digital
label34.group
karimico.com
dogsforsaleinkenya.com
optamiaads.com
gobgamon.com
cfphin.com
parsian-shetab.com
lumensoycandles.com
rakyatnews.online
tiendasu.com
244.house
thecrazyfarm.com
ibotvideos.com
foxyreal.website
egeolabs.com
becu84ts.com
investorsank.com
sagekimgray.com
eco1tnpasumo5.xyz
jingtailan-china.com
covapa2.com
yijiaclcs.com
uni-mia.com
english-sports.info
thinkercleaningservice.com
doislot.xyz
studiosagesalon.com
xn--z4qv1cr56dk0k.group
greencrvn.com
kabloomevents.com
backgammondestinations.net
exploitporbrl.xyz
twoindividuals.com
innisfailcleaning.com
kontrolnb.com
pinaldrywall.com
boettcherlaw.com
nano-shred.com
arinatechnology.com
mfkplatinum.info
ddfddpistol.quest
scarpatostudiolegale.com
scatfilms.biz
investmentcomp.com
xemphimlatmat5.com
phsenterprises.com
accutitleagency.biz
i8news-be.website
Targets
- Target: enquiry no. 2770034921.exe
- Size: 381KB
- MD5: 5dde426d4383be37f818ee1205c50e11
- SHA1: 060c70157ceea0b08243a53e4baae2331b4449f8
- SHA256: 3f277a6819833eb0c7feab4e952301b4bac883e38ec8bd266093b6757d1920e8
- SHA512: 3b56d429b5d471cda4a8087dca70d74093bc3ac55a0cefba7949a76b254927d1ccadbbbf5a60554162817e930ed83ecf1515745763c0f13680c4ca9548054ac3
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext