General
Target: SOA _ Aug-Dec 2021 Require Sign&Seal stamp.rar
Size: 401KB
Sample: 220204-gpamxsegh6
MD5: e97e3c4deb23dddccb0920e7b38a3f0a
SHA1: d1598573e30aafd8169d6a7ab067e1a28dd775a8
SHA256: 5e323290dee2f509e1e55df44b4b9630b0dbdb62f9a6eb96f01e8a12b7a2ac22
SHA512: 95b8d5593f6a20494db53523465226952735be94c14ef827e97594e25b67036737fd8bf9469784ca85a10175a2510ce6233ccabd6b32c543167f2c411167daed
Static task: static1
Behavioral task: behavioral1
  Sample: SOA _ Aug-Dec 2021 Require Sign&Seal stamp.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: SOA _ Aug-Dec 2021 Require Sign&Seal stamp.exe
  Resource: win10v2004-en-20220113
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: pout
Domains:
leadergaterealty.com
k7bsz.info
laidjapp1.com
eastcountytaxi.com
betterlife-uae.com
materaiku.com
chanhxebinhthuan-hcm.online
06gjm.xyz
67t.xyz
here-we-meet.com
screened-articletoseetoday.info
lucykg.club
mujdobron.quest
susakhi.com
funtabse.com
unlimitedpain.com
2ed58fwec.xyz
weighttrainingexpert.com
allisonsheillax.com
yektaburgers.com
altijdstoer.info
airemspapartments.com
videomuncher.com
centerstagedrama.com
nikkou-toy.store
arequipesymerengues.com
haishandl.com
fy2zy5.com
mailheld.digital
sheepysage.com
fabricadocredito.com
siq212.com
moo-coo.com
hoomxb.net
6s2.space
rsholding.net
castellanacustomboats.online
tremblock.com
ramblingkinkster.com
teamsooners.club
onlinecasino-univ.com
dash8board.com
aichuncha.com
springhilllawn.com
zgluke.com
happynft.agency
urbanempireapparel.com
guanyiren.com
biglotteryking.com
marionkgregory.store
mujeresyaccion.com
smcusa.net
mayyon.net
vivibanca.website
15dgj.xyz
miabossjewelry.com
ideeperloshopping.cloud
healizy.com
huvao.com
huggsforbubbs.com
radiomacadam.online
firirifilms.com
knowhorses.com
chickenbeetlebooks.com
transtarintl.com
Targets
Target: SOA _ Aug-Dec 2021 Require Sign&Seal stamp.exe
Size: 563KB
MD5: 6ba8c1b65f0d629b681ef2a34cb24785
SHA1: 18c8b83ff38a0b5a650cfbd0392bef190fe81921
SHA256: f61b011c13db4d0cf3d35a73c8e1cf9edd3505c68013af06e24f7c0a857c6dc3
SHA512: e5b0bf176ca0d0108ab6c526ad1f0e13b25b5d9eb86f6f47e60454bdbaa36005f809b91b3ffa62edf8927fbd56d341e0356acf4985a184d6732666773c91718d
Signatures:
- Xloader Payload
- Blocklisted process makes network request
- Deletes itself
- Suspicious use of SetThreadContext
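The indicators in this report turned into a small offline IOC checker. This is example code written for this page, not output of the sandbox and not part of the report: it keys the MD5/SHA1/SHA256 values of both artifacts (the RAR lure and the executable it carries), matches DNS queries against the extracted domain list on label boundaries (so www.k7bsz.info matches k7bsz.info, while notsmcusa.net does not match smcusa.net), and hashes any files passed on the command line. The DNS log format and the log lines are constructed for the demonstration. One caveat a responder should know about this family: an Xloader config carries decoy domains alongside the real C2 and the bot contacts the decoys too, so a query for one of these names is evidence of the infection but not proof that the particular domain is attacker-controlled.

```python
# Added example (not part of the Triage report): an offline IOC checker built
# from the indicators above. Hashes and domains are copied from the report;
# the DNS log format and lines at the bottom are constructed for the demo.
import hashlib
import re
import sys

# File indicators: the RAR lure and the Xloader executable it carries.
RAR_NAME = "SOA _ Aug-Dec 2021 Require Sign&Seal stamp.rar"
EXE_NAME = "SOA _ Aug-Dec 2021 Require Sign&Seal stamp.exe"
HASH_IOCS = {
    "e97e3c4deb23dddccb0920e7b38a3f0a": RAR_NAME,
    "d1598573e30aafd8169d6a7ab067e1a28dd775a8": RAR_NAME,
    "5e323290dee2f509e1e55df44b4b9630b0dbdb62f9a6eb96f01e8a12b7a2ac22": RAR_NAME,
    "6ba8c1b65f0d629b681ef2a34cb24785": EXE_NAME,
    "18c8b83ff38a0b5a650cfbd0392bef190fe81921": EXE_NAME,
    "f61b011c13db4d0cf3d35a73c8e1cf9edd3505c68013af06e24f7c0a857c6dc3": EXE_NAME,
}

# Network indicators from the extracted Xloader 2.5 config (campaign "pout").
# Xloader hides the real C2 among decoy domains and contacts all of them, so
# treat every name as an indicator but expect some to be legitimate sites.
XLOADER_DOMAINS = frozenset("""
leadergaterealty.com k7bsz.info laidjapp1.com eastcountytaxi.com betterlife-uae.com
materaiku.com chanhxebinhthuan-hcm.online 06gjm.xyz 67t.xyz here-we-meet.com
screened-articletoseetoday.info lucykg.club mujdobron.quest susakhi.com funtabse.com
unlimitedpain.com 2ed58fwec.xyz weighttrainingexpert.com allisonsheillax.com yektaburgers.com
altijdstoer.info airemspapartments.com videomuncher.com centerstagedrama.com nikkou-toy.store
arequipesymerengues.com haishandl.com fy2zy5.com mailheld.digital sheepysage.com
fabricadocredito.com siq212.com moo-coo.com hoomxb.net 6s2.space
rsholding.net castellanacustomboats.online tremblock.com ramblingkinkster.com teamsooners.club
onlinecasino-univ.com dash8board.com aichuncha.com springhilllawn.com zgluke.com
happynft.agency urbanempireapparel.com guanyiren.com biglotteryking.com marionkgregory.store
mujeresyaccion.com smcusa.net mayyon.net vivibanca.website 15dgj.xyz
miabossjewelry.com ideeperloshopping.cloud healizy.com huvao.com huggsforbubbs.com
radiomacadam.online firirifilms.com knowhorses.com chickenbeetlebooks.com transtarintl.com
""".split())


def normalize_domain(name: str) -> str:
    """Lower-case and strip the trailing dot a resolver log may include."""
    return name.strip().rstrip(".").lower()


def matching_ioc_domain(query: str):
    """Return the IOC domain that `query` equals or is a subdomain of, else None.

    Matching is done on label boundaries, never by substring, so that
    'notsmcusa.net' is not reported as a hit for 'smcusa.net'.
    """
    labels = normalize_domain(query).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in XLOADER_DOMAINS:
            return candidate
    return None


# Constructed log format: "<timestamp> <client-ip> query <qtype> <name>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\s+(?P<qtype>\S+)\s+(?P<name>\S+)\s*$"
)


def scan_dns_log(lines):
    """Return (timestamp, client, queried-name, matched-ioc) for every hit."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:  # skip anything that is not a query record
            continue
        ioc = matching_ioc_domain(m["name"])
        if ioc:
            hits.append((m["ts"], m["client"], normalize_domain(m["name"]), ioc))
    return hits


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def lookup_hash(digest: str):
    """Return the report artifact whose MD5/SHA1/SHA256 equals `digest`, else None."""
    return HASH_IOCS.get(digest.strip().lower())


# Constructed DNS log lines (not from the sandbox run).
DNS_LOG = """\
2022-02-04T10:15:32Z 10.0.0.12 query A www.k7bsz.info.
2022-02-04T10:15:40Z 10.0.0.12 query A updates.example.com
2022-02-04T10:16:02Z 10.0.0.12 query A SMCUSA.NET
2022-02-04T10:16:05Z 10.0.0.12 query A notsmcusa.net
malformed line
""".splitlines()

if __name__ == "__main__":
    # Usage: python ioc_check.py <file>...  Hashes each file against the report's
    # indicators, then runs the constructed DNS log through the domain matcher.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            data = fh.read()
        print(f"{path}: {lookup_hash(sha256_of(data)) or 'no match'}")
    for ts, client, name, ioc in scan_dns_log(DNS_LOG):
        print(f"{ts} {client} queried {name} (matches IOC {ioc})")
```

Two of the four constructed queries hit: the www subdomain of k7bsz.info and the upper-cased smcusa.net; the look-alike notsmcusa.net is correctly ignored because the comparison walks label boundaries rather than substrings. Feed real resolver or proxy logs through `scan_dns_log` after adapting `LOG_RE` to their format.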