General
-
Target
Alis sifarisi.exe
-
Size
1.0MB
-
Sample
220211-m99kmsceh2
-
MD5
54c39236d174c27d217736cd049d8bbd
-
SHA1
832f5c5c4cbf2b4f888f319654cf002176bbb916
-
SHA256
2179647ebf96503deb5fae78827c5d99757f2926f0226cb5a6e4181e2f0c1a07
-
SHA512
1df01d52dc6965d5b42c3f03887b01c0fdd1593666e1733d8776d4a64f22253c062e6f1e29fc403f2217547f96962955fe7733b23b55b0f5fd3a5774acec5c7a
Static task
static1
Behavioral task
behavioral1
Sample
Alis sifarisi.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
Alis sifarisi.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
xloader
2.5
pvxz
imt-token.club
abravewayocen.online
shcloudcar.com
mshoppingworld.online
ncgf08.xyz
stuinfo.xyz
wesavetheplanetofficial.com
tourbox.xyz
believeinyourselftraining.com
jsboyat.com
aaeconomy.info
9etmorea.info
purosepeti7.com
goticketly.com
pinkmemorypt.com
mylifewellnesscentre.com
iridina.online
petrestore.online
neema.xyz
novelfooditalia.com
enterprisedaas.computer
tzkaxh.com
brainfarter.com
youniquegal.com
piiqrio.com
mdaszb.com
boldmale.com
era636.com
castleinsuranceco.com
woodennickelmusicfortwayne.com
customer-servis-kredivo.com
high-clicks.com
greetwithgadgets.com
hfsd1.com
insureagainstearthquakes.net
ultimatejump.rest
parivartanyogeshstore.com
handmanagementblog.com
meishangtianhua.com
michaelscottinsurance.net
kershoes.com
atomiccharmworks.com
conciergecompare.com
zeal-hashima.com
coachianscott.com
hwkm.net
019skz.xyz
jardingenesis.com
sumikkoremon.com
tjpengyun.com
sectionpor.xyz
46t.xyz
sa-pontianak.com
localproperty.team
dotexposed.com
cis136-tgarza.com
eiestilo.com
youknowhowtolive.com
phalcosnusa.com
qaticv93iy.com
hbjngs.com
ocean-nettoyage.com
jenuwinclothes.net
anadoluatvoffroad.com
finetipster.com
Targets
-
-
Target
Alis sifarisi.exe
-
Size
1.0MB
-
MD5
54c39236d174c27d217736cd049d8bbd
-
SHA1
832f5c5c4cbf2b4f888f319654cf002176bbb916
-
SHA256
2179647ebf96503deb5fae78827c5d99757f2926f0226cb5a6e4181e2f0c1a07
-
SHA512
1df01d52dc6965d5b42c3f03887b01c0fdd1593666e1733d8776d4a64f22253c062e6f1e29fc403f2217547f96962955fe7733b23b55b0f5fd3a5774acec5c7a
Score10/10-
Xloader Payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-