General
Target: 8f599f0c9aa6c13dbbefded757547a99-sample.zip
Size: 326KB
Sample: 220131-1fcwgacgg3
MD5: f74d373a1ae45e6b8a87c6ef10675223
SHA1: 30c7e8a73bbc4a7897e203b5798b6bec6c642a7b
SHA256: 2431bcfeeed375246aa9b2e9a42868f57ccb0517bea50b9c9ddcc4ff8e3c75a1
SHA512: 2ffcf377ba7b7bd3eed46867578cca2397111beb8adda2c893e567922794806d32ede14cb86f0e3b9110b040acf07dd0567f924478074a77d0bb43cd708d93f9
Static task: static1
Behavioral task: behavioral1
  Sample: PO1922.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: PO1922.exe
  Resource: win10v2004-en-20220113
Malware Config
Extracted
xloader
2.5
ssac
Targets
Target: PO1922.exe
Size: 436KB
MD5: 4206075224453d62fdff5aa5c32e392b
SHA1: 5d862e2e94f2d83d1594d21fd4f73d96a192a2f0
SHA256: c804865a31c4ece9c6dbf12a13593c3402f04618477746eff72709c5dc5d3ebf
SHA512: 7c048a79159f82fe3295a92f471dd8c8f01f8ea099bf1c8f53d0335f150579fb102baeb0df9c4c96a15af57f40cc11406a47d14de3975e3a1be605c572889062
- Xloader Payload
- Adds policy Run key to start application
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext