General
- Target: a4e6c9409796f16634d1ea40046a99021f940425a84abe6f5cc638734d9f13b8
- Size: 588KB
- Sample: 220221-msa1rafdd2
- MD5: 03dfe0c922c9d2db8b0305bd4eee4bf1
- SHA1: e8260934eaa8a4f6c9f4fa18ce7e435606adf562
- SHA256: a4e6c9409796f16634d1ea40046a99021f940425a84abe6f5cc638734d9f13b8
- SHA512: 46911be678004260b454d70efe1bff5cbe18c74748f0363349f6cd97956f8ff4aa6f4874a4ba9f55154d1a084b8f1f83a1be466908e93a5ef72c4e28ab6aa39c
Static task: static1
Behavioral task behavioral1: Inv.73828374291273/Bank Details827363812 .exe (resource win7-en-20211208)
Behavioral task behavioral2: Inv.73828374291273/Bank Details827363812 .exe (resource win10v2004-en-20220112)
Behavioral task behavioral3: Inv.73828374291273/Bank Details827363812 .pdf.lnk (resource win7-en-20211208)
Behavioral task behavioral4: Inv.73828374291273/Bank Details827363812 .pdf.lnk (resource win10v2004-en-20220113)
Behavioral task behavioral5: Inv.73828374291273/inv.0419827363812.pdf.lnk (resource win7-en-20211208)
Behavioral task behavioral6: Inv.73828374291273/inv.0419827363812.pdf.lnk (resource win10v2004-en-20220113)
Behavioral task behavioral7: Inv.73828374291273/inv.827363812.exe (resource win7-en-20211208)
Behavioral task behavioral8: Inv.73828374291273/inv.827363812.exe (resource win10v2004-en-20220113)
Behavioral task behavioral9: Inv.73828374291273/inv.827363812.pdf.lnk (resource win7-en-20211208)
Malware Config (extracted): xloader 2.3, kio8
Targets
Target: Inv.73828374291273/Bank Details827363812 .exe
- Size: 519KB
- MD5: ad6e22542a878923e86da30d3e25c942
- SHA1: fa760e243583ffed1c1e9de2e1ca93e27f170de4
- SHA256: 82327e5e44156cddbd2dd77556fc746dad24eeaedc11733c82729c7d0c10a1e7
- SHA512: ca690896b789cd87bf62c9b9d65a6efadae4f8352c03cf818fe61931477d089b9f7ef057a1471eef6864e2a3877592d3981436fdedb842a514a67d8b2b2ac1e4
- Xloader Payload
- Blocklisted process makes network request
- Deletes itself
- Suspicious use of SetThreadContext
Target: Inv.73828374291273/Bank Details827363812 .pdf.lnk
- Size: 1KB
- MD5: 649eacdfc07b3a918b7bf99dcdbee0dd
- SHA1: fd2fa8f0554cb8c63c2d658478702ff80ee3fb44
- SHA256: 15f2c49b2f0483a141c8ffc320ffd1f1a4fb3b289a10119993208e797b7e1d59
- SHA512: 2ebed14f0b616080d11f149de436f72416968d0a9d7417b1a27b10507195ea461c57919a35e8881cc5bf60f7e4beaebd93b60cc195f61f27a9d9fba48617af41
- Xloader Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext
Target: Inv.73828374291273/inv.0419827363812.pdf.lnk
- Size: 1KB
- MD5: 0d0f3a9f80755b113951c078d2b42450
- SHA1: 22cb97859d1d598a29fc6e5463cc9a7eecd5e3a8
- SHA256: 8e6ce9999bbd7353629cec992372991ad0ada918d0ed952db4af6b7790b12c21
- SHA512: ad9e7cddc40692d0ff001b2fca0b23e21a4cbdf6c620d22f80b79b7eb9451491108180c717a894d684043add86659358c3d4f78f4c2115e2fae86d8e26e648b7
- Xloader Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext
Target: Inv.73828374291273/inv.827363812.exe
- Size: 519KB
- MD5: ad6e22542a878923e86da30d3e25c942
- SHA1: fa760e243583ffed1c1e9de2e1ca93e27f170de4
- SHA256: 82327e5e44156cddbd2dd77556fc746dad24eeaedc11733c82729c7d0c10a1e7
- SHA512: ca690896b789cd87bf62c9b9d65a6efadae4f8352c03cf818fe61931477d089b9f7ef057a1471eef6864e2a3877592d3981436fdedb842a514a67d8b2b2ac1e4
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext
Target: Inv.73828374291273/inv.827363812.pdf.lnk
- Size: 1KB
- MD5: 0d0f3a9f80755b113951c078d2b42450
- SHA1: 22cb97859d1d598a29fc6e5463cc9a7eecd5e3a8
- SHA256: 8e6ce9999bbd7353629cec992372991ad0ada918d0ed952db4af6b7790b12c21
- SHA512: ad9e7cddc40692d0ff001b2fca0b23e21a4cbdf6c620d22f80b79b7eb9451491108180c717a894d684043add86659358c3d4f78f4c2115e2fae86d8e26e648b7
- Xloader Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext