General
Target: PENDING INVOICE & SOA.exe
Size: 487KB
Sample: 220131-lr7snaheg3
MD5: c961c07d14255cc3b92a963b205a1813
SHA1: be7d298bf6c8caa781ff4b317a7e298a4033a3e9
SHA256: ba141be73e37f7df95cb9f9019720cb8e1ee1b8415ba1775ffda49b58400392c
SHA512: edb3b7276db4ea207097630097c29b349aaf617ea3edcc749b4ef9e2ccf6a9bc200c755129390aa7ce9028f4ee6c706aefc99fa62b2d18fa037b373e88e3699f

Static task: static1
Behavioral task: behavioral1
Sample: PENDING INVOICE & SOA.exe
Resource: win7-en-20211208
Malware Config (Extracted)
Family: xloader
Version: 2.5
Campaign: m4ro
Domains:
schedulekeymail.com
ruteglobe.net
makspeed.online
legalsoftsolutions.info
sportdemands.com
ci-ohio.com
ge-endoscopy.com
edp7.com
teammississippistate.club
risingrecovery.info
shouldimint.com
haxeo0d1wo.com
tjxinglin.com
immigrationformsus.com
best-free-soccer-academy.com
iamvitalessence.com
hellranch.net
creamydickmail.com
standshopping.com
slayhernail.com
flawlessfinisher.com
nexusbalance.com
teamselflovecollection.com
nicotimes.net
gatewayeastdevelopment.com
judoclubalbigny.com
c365sl.com
improvequote.com
drivesize.com
allensoldit.com
nioasu.com
glensfallsgobblewobble.com
lifement-test.com
donkolireti.online
qiuma.net
angelsconsultingservices.com
sozdavay.com
arrow-industries.com
indotogel369.com
aradhyagroups.net
kalayeshi.com
teambelda.com
fastlendr.com
directresults.biz
productshopify.store
charlimarketplace.com
anightintheforest.com
gloriamcarter.com
amor-vincit.com
villagecrossingapartments.com
cbdterapeutico.lat
workingholiday5.com
getbutton.net
cncwarp.net
kltfonbki.xyz
bgralife.com
businessinbrickell.com
shaalanrealestate.com
jrnarval.com
cafetuktuk.net
mauroadrianbioexistencia.com
senaifcresources.com
fe9muunu.xyz
dreamdrawings.art
vear.club
Targets
Target: PENDING INVOICE & SOA.exe
Size: 487KB
MD5: c961c07d14255cc3b92a963b205a1813
SHA1: be7d298bf6c8caa781ff4b317a7e298a4033a3e9
SHA256: ba141be73e37f7df95cb9f9019720cb8e1ee1b8415ba1775ffda49b58400392c
SHA512: edb3b7276db4ea207097630097c29b349aaf617ea3edcc749b4ef9e2ccf6a9bc200c755129390aa7ce9028f4ee6c706aefc99fa62b2d18fa037b373e88e3699f

Signatures:
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext