General
Target: 1480f1e7c67eba8390ea572cd3b9b133bb6da142e689979d581a46f1672c197c
Size: 369KB
Sample: 220207-atg48sdcc2
MD5: 20a5d9c849989672de66b624250dadfa
SHA1: 404e5793ff2af295fb2723deb1705a545d9f07a9
SHA256: 1480f1e7c67eba8390ea572cd3b9b133bb6da142e689979d581a46f1672c197c
SHA512: ff9176d4080eaebba85bee2446d435e8fd919a626a90645d288032fb75620e096afcf150446b722e42557e139626974e5819a20ab87e514a07450341cba8df1b
Static task: static1
Behavioral task: behavioral1
Sample: New Purchase Order.exe
Resource: win7-en-20211208
Malware Config
Extracted
Family: xloader
Version: 2.3
Campaign: noi6
C2 (65 domains):
daliglobalservice.com
thenationschristianchurch.com
aliqy.com
grace-saunders.com
endlessretirement.com
stanleycupticket.com
dltgame.club
healthqnahindi.com
salniyrk.icu
laurasbaked.com
vintagechinese.com
agrocomposites.com
aimedsports.com
vegeatsdirect.com
goh-pbl.com
fairview.global
affiliateprogramscenter.com
blogizarshop.com
loorzon.com
curtex.info
magasinerquebec.com
nc0002.com
ecosysweb.com
engagesps.com
viewdriverch.com
zoonsf.online
bdaface.com
jerukstar.com
shopownage.com
rameshwarrajshastri.com
giftdeliveryinonehour.com
beijingpussy.com
fresh6milmerch.com
oldendo.com
untetherednews.com
meti-core.com
tergas.xyz
waltersellshouses.com
pinjamdanaja.com
theearthtrees.com
realestatebrokernc.com
automationaccepture.com
reflectsounds.net
calculatorformortgage.com
verify-check-code.com
flowerquick.xyz
sabaifunpark.com
tridentcnc.store
vegasfestivaltickets.com
sevenwonderscoffee.com
bestbiz.agency
nativeteacheronline.com
speecherouges.website
cn-chnet.com
betamaxfilms.com
divinationbyalexa.com
wow2beauty.com
jimshoneyforever.com
excoinbig-pro.com
artinmemory.com
amoreweddingsevents.com
103york.com
lemirtillo-restaurant.com
sensitiveadvantage.com
besthardinquiryremoval.services
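The extracted C2 list is the part of this report a defender actually acts on. Xloader (like Formbook before it) pads its config with decoy domains around the live C2, so the list is best consumed as a whole: block or alert on every entry rather than trying to pick the "real" one. The script below, added here as an example and not part of the sandbox report, matches DNS query logs against the config domains. It assumes Sysmon Event ID 22 style records with a `QueryName:` field (a constructed sample log, not real telemetry), uses a subset of the 65 domains above for brevity, and matches a domain and its subdomains while refusing suffix overlaps (`xnc0002.com` must not match `nc0002.com`).

```python
"""Match the extracted Xloader C2 list against DNS query logs.

Added example; not part of the sandbox report. The domain tuple is a
subset of the 65 domains in the extracted config, and the log lines are
constructed Sysmon Event ID 22 (DnsQuery) style records, not real telemetry.
"""
import re
from collections import namedtuple

# Subset of the C2/decoy list from the extracted config (the full config
# holds 65 entries; load all of them in practice).
XLOADER_C2 = (
    "daliglobalservice.com",
    "salniyrk.icu",
    "fairview.global",
    "nc0002.com",
    "verify-check-code.com",
    "flowerquick.xyz",
    "besthardinquiryremoval.services",
)

Hit = namedtuple("Hit", ["line_no", "query", "domain"])


def normalize(name):
    """Lower-case and strip the trailing root dot a resolver may append."""
    return name.strip().rstrip(".").lower()


def matching_domain(query, c2_domains=XLOADER_C2):
    """Return the config domain that `query` equals or sits under, else None.

    'www.nc0002.com' matches 'nc0002.com'; 'xnc0002.com' does not, which is
    why a plain substring or endswith() check over-matches.
    """
    q = normalize(query)
    for dom in c2_domains:
        d = normalize(dom)
        if q == d or q.endswith("." + d):
            return d
    return None


# Sysmon Event 22 renders the queried name as 'QueryName: <fqdn>'.
QUERY_NAME_RE = re.compile(r"QueryName:\s*(?P<qname>[^\s,]+)")


def scan_dns_log(lines, c2_domains=XLOADER_C2):
    """Return a Hit for every log line whose QueryName falls under a C2 domain."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = QUERY_NAME_RE.search(line)
        if not m:
            continue
        dom = matching_domain(m.group("qname"), c2_domains)
        if dom is not None:
            hits.append(Hit(line_no, m.group("qname"), dom))
    return hits


# Constructed sample log (not from the report) for a stand-alone run.
SAMPLE_LOG = [
    "UtcTime: 2022-02-07 10:14:02 Image: C:\\Users\\u\\New Purchase Order.exe "
    "QueryName: www.daliglobalservice.com QueryStatus: 0",
    "UtcTime: 2022-02-07 10:14:03 Image: C:\\Windows\\explorer.exe "
    "QueryName: notdaliglobalservice.com QueryStatus: 0",
    "UtcTime: 2022-02-07 10:14:05 Image: C:\\Windows\\explorer.exe "
    "QueryName: login.microsoftonline.com QueryStatus: 0",
    "UtcTime: 2022-02-07 10:14:09 Image: C:\\Windows\\explorer.exe "
    "QueryName: FAIRVIEW.GLOBAL. QueryStatus: 0",
]

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.query} -> {hit.domain}")
```

Run as-is it reports lines 1 and 4; the `notdaliglobalservice.com` lookup on line 2 is deliberately not a hit. Swap `XLOADER_C2` for the full 65-entry list and feed it exported Sysmon or DNS-server logs to triage a host that ran this sample.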
Targets
Target: New Purchase Order.exe
Size: 747KB
MD5: 99e9bf49fad21cd57261f354af9742e4
SHA1: 28e1025ad185b7502568d4dbdab483b25b8e0fac
SHA256: 92ddc88d7c1bde849c18747f4fcd526c240a81efe9c74ee1dcaa4a72ecc9ac3a
SHA512: 1c8e9d9e6052ebb054623aaaadde67627e0cb07f576cc8aaa5be5f48dcc34370d8658148a9716c8ca139742dbe4145bb3f4c365b2e23012138f1aace61280bbc
Signatures:
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext (rewriting the context of a suspended thread in another process is the classic process-hollowing / thread-hijacking primitive, so this flags code injection rather than a benign debugger use)