General
Target: bank details .rar
Size: 236KB
Sample: 220128-tehl1ageb9
MD5: b5ca3ee0e5bf389d8b6d691cc358069f
SHA1: b285df8a0113dd22e8aa1b9d9fe436b1adab9b57
SHA256: f0f85684d4b99718ec9ede7de230aa5c58bbaad73d8bf3f03d3059fffe4627bd
SHA512: aae6434c3c43f720b84f3234f8d3fbde9848b29aa9190be5130a13267fa94fe5f201262e145ecb196f2da79942e7c7d36b5d1baf36af6569f3c75faf8ac54dd3
Static task: static1
Behavioral task: behavioral1
Sample: bunker inquiry_mv setaii.exe
Resource: win7-en-20211208
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: igwa
Domains:
listingswithalex.com
funtabse.com
aydenwalling.com
prochal.net
superfoodsnederland.com
moldluck.com
dianekgordon.store
regionalhomescommercial.com
mysecuritymadesimple.com
malwaremastery.com
kodaikeiko.com
jrzg996.com
agricurve.net
songlingjiu.com
virginianundahfishingclub.com
friendschance.com
pastelpresents.com
answertitles.com
survival-hunter.com
nxfddl.com
traditionnevertrend.com
agrovessel.com
unicorm.digital
cucumboy.com
alemdogarimpo.com
laraful.com
hexwaa.com
hanu21st.com
knoycia.com
qishengxing.com
gopipurespices.com
fdkkrfidkdslsieofkld.info
elephantspublications.online
valeriebeijing.com
xn--42cg2czax6ptae6a.com
2shengman.com
sfcshavedice.com
ragworkhouse.com
stardomfrokch.xyz
exoticcenterfold.com
eventosartifice.com
test-order-noren.com
110bao.com
face-pro.online
freedomoff.com
futuresep.com
tremblock.com
chocolat-gillotte.com
speclove.com
ddflsl.com
goodnewsmbc.net
cloudtotaal.com
goapps-auth.com
ouch247max.com
sabra-sd.com
luxuryneverhurt.art
rxvendorpills.online
ludowinners.online
placemyorder.online
skyrim.company
monsterlecturer.com
controle-fiscal.com
phoenixinjurylawyer.online
nanoheadgames.com
toposales.com
Targets
Target: bunker inquiry_mv setaii.exe
Size: 248KB
MD5: 242a7a023efff4ca0bc7abdd3171feb8
SHA1: c33c534361745d93a30f0e5a86c87e38fc170210
SHA256: 39cc0c369b8ce6f0570864f4ac0019abed40383a582aae1a13c34e2de08a7168
SHA512: e6f0157ef9c92270e45ecab19ee34c7d85d5104e621234efb9f386d3bc1a5afcd0d14a67882d3937d01d565ddc0c782a43ccecb0f99c84246c51653c4a801521
Signatures:
- Xloader Payload
- Blocklisted process makes network request
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext