General
-
Target
af2ab44a73066cdf3468fcf9a6f92f93218bfa6c777aa1dc30b219d6696b9cfa
-
Size
1.2MB
-
Sample
220201-wek38saeb4
-
MD5
35a992cb33867a790b26884019f785f0
-
SHA1
cfb8e4f3f27f3c94370757bf715e70d62b2e09e2
-
SHA256
af2ab44a73066cdf3468fcf9a6f92f93218bfa6c777aa1dc30b219d6696b9cfa
-
SHA512
4d29246b01239bcf6eedb0689b1946dde9aba760da6f1fbcc0387adc36de524ef8f23853a73d06f2288a10620a003222243a6a4d2dd9852fa1fd31e7b0d6f6b6
Static task
static1
Behavioral task
behavioral1
Sample
ORDER_80.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
ORDER_80.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
xloader
2.5
uar3
sgadvocats.com
mjscannabus.com
hilldaley.com
ksdollhouse.com
hotgiftboutique.com
purebloodsmeet.com
relaunched.info
cap-glove.com
productcollection.store
fulikyy.xyz
remoteaviationjobs.com
bestcleancrystal.com
virtualorganizationpartner.com
bookgocar.com
hattuafhv.quest
makonigroup.com
officecom-myaccount.com
malgorzata-lac.com
e-learningeducators.com
hygilaur.com
kgv-lachswehr.com
salazarcomunicacion.com
robopython.com
corporateequity.online
complianceservicegroup.com
aperza-ex.com
webflowusa.com
asesoriasfinancieras.xyz
missolivesbranches.com
numiquest.com
criskconsultancy.com
gotemup.com
themaptalk.com
lakebalboahalf.com
cateringfrenchcroissant.com
paddocklakerealestate.com
lojaquerosurprezza.store
courtneywhitearmusic.com
geovannimaquinadevendas.online
pricklypairjazz.com
engagedigi.com
conduitforthespirit.com
anaheimaletrail.com
wholesalemall.store
alertsbecu.com
gestion-kayfra.com
youcanstores.com
qsuo.net
formadv.info
dihesia.xyz
carrreir.com
twenteeminuteswithtee.com
realliferenewal.com
officialprokodsukses.icu
stanfordgrouploscabos.com
maxicashpromir.xyz
zysqshjs.com
trc-clicks.com
chsclbd.com
amdproduce.net
republicoflies.com
beaux-parents.com
lucrativeapp.com
milbombas.com
alexanderplaywear.com
Targets
-
-
Target
ORDER_80.PIF
-
Size
246KB
-
MD5
e15ae6b598e9b227a07a09056570afd6
-
SHA1
46b5a6c316570f75be5f9732ece769547d431e39
-
SHA256
2c9c53afeadf78570137cbee063eb4446a2f2086d516b348199ed4500434c126
-
SHA512
9648aaae24b7384a12b3c165591c781c375cec2af31afa60002060d9ba81e0f4d616d50ac1e10dedd6d7c363a56ccdceb29598aac517d7dd4341b24256b93ad1
-
Xloader Payload
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-