General
- Target: 6c22b6330a22240a6266a2e4330dda749c43dae45d3bb8a76ee09b1f997255a0
- Size: 341KB
- Sample: 220128-2tmhhafhg5
- MD5: c7bf4172a1a0a400d872901ac8aaec1c
- SHA1: a761dde9bcd3d58d209130d15bf5a7f1cc38e16e
- SHA256: 6c22b6330a22240a6266a2e4330dda749c43dae45d3bb8a76ee09b1f997255a0
- SHA512: ccdeab44f248424309dac151465e5b197752090f0d9e1d4f66893b02524befd0cfa48ffadae79765b63b3101bc1319355df4bbd3220d590bc51527a22dd41989
Static task: static1
Behavioral task: behavioral1
Sample: TT Advice Transfer confirmation.exe
Resource: win7-en-20211208
Malware Config
Extracted
- Family: xloader
- Version: 2.5
- Campaign: n8bs
Targets
- Target: TT Advice Transfer confirmation.exe
- Size: 388KB
- MD5: 48efc858b71dd263d50a4c7eab5cbd28
- SHA1: b7fa887a0724cfe06d1752231e839694ede363b1
- SHA256: 947781dc2bb16bf085419b1804e568c2a0293423018f4b5e60beda4ed0ae218e
- SHA512: 28705d51526bef013f7752726ed7e59e84d14f9fecc91836822cadd5795cccd4e47c6aa1d8f2b82b382eb5a071eca1e07654866878f16910b2502f4fc0315855
- Xloader Payload
- Blocklisted process makes network request
- Deletes itself
- Suspicious use of SetThreadContext