General
-
Target
907d822406f165aac9a4fbe4a61088b223b18925e19f0ee2ac00b26d119ebb78
-
Size
1.2MB
-
Sample
220129-lzl6xsabf8
-
MD5
495e787a13ae84d43a1341f1fc320b1b
-
SHA1
f974a698b4213aa0aa68c46d617c97d78d08064f
-
SHA256
907d822406f165aac9a4fbe4a61088b223b18925e19f0ee2ac00b26d119ebb78
-
SHA512
6ecefa6d7ddebe7fa596856113f97388cdcaa86356f9e441b067465bb674e799827feda9684ff0d647574caffbf8acb397f615a92b33403c2e6fd294dc6fb3f3
Static task
static1
Behavioral task
behavioral1
Sample
ORDER_EM.exe
Resource
win7-en-20211208
Malware Config
Extracted
xloader
2.5
uar3
sgadvocats.com
mjscannabus.com
hilldaley.com
ksdollhouse.com
hotgiftboutique.com
purebloodsmeet.com
relaunched.info
cap-glove.com
productcollection.store
fulikyy.xyz
remoteaviationjobs.com
bestcleancrystal.com
virtualorganizationpartner.com
bookgocar.com
hattuafhv.quest
makonigroup.com
officecom-myaccount.com
malgorzata-lac.com
e-learningeducators.com
hygilaur.com
kgv-lachswehr.com
salazarcomunicacion.com
robopython.com
corporateequity.online
complianceservicegroup.com
aperza-ex.com
webflowusa.com
asesoriasfinancieras.xyz
missolivesbranches.com
numiquest.com
criskconsultancy.com
gotemup.com
themaptalk.com
lakebalboahalf.com
cateringfrenchcroissant.com
paddocklakerealestate.com
lojaquerosurprezza.store
courtneywhitearmusic.com
geovannimaquinadevendas.online
pricklypairjazz.com
engagedigi.com
conduitforthespirit.com
anaheimaletrail.com
wholesalemall.store
alertsbecu.com
gestion-kayfra.com
youcanstores.com
qsuo.net
formadv.info
dihesia.xyz
carrreir.com
twenteeminuteswithtee.com
realliferenewal.com
officialprokodsukses.icu
stanfordgrouploscabos.com
maxicashpromir.xyz
zysqshjs.com
trc-clicks.com
chsclbd.com
amdproduce.net
republicoflies.com
beaux-parents.com
lucrativeapp.com
milbombas.com
alexanderplaywear.com
Targets
-
-
Target
ORDER_EM.PIF
-
Size
247KB
-
MD5
6965c35c75220ac5a5d4f3ab46cf4363
-
SHA1
e4691bf844e64f3f05dda96ab50f8875979f65d6
-
SHA256
fb45dfc26c736d67a8c409194b6f0e503a4519be42dfd1eaa7b7efb026d7c512
-
SHA512
638c27f985560c0f9e7021cffd44a5c586f1c4a73d86c655e157d9167a6703d26961c2f6508c6a9aa850868042483b6878e97d644b9f0c7dcbd88e08076057b4
-
Xloader Payload
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-