General
-
Target
7t98b0nkQlBODdw.exe
-
Size
1.0MB
-
Sample
220222-s2jxxaaee5
-
MD5
0466190246cd2f51a7784d53820242ac
-
SHA1
f85c141f0d77f97ffea3af67866e1b311c2fb7bb
-
SHA256
873dbebeb40efa109a634b2ca2cb3faeae658dae5c19b518f4769c6dd65f4d38
-
SHA512
1f07df02ce04c07b1f94ebdf8095d1a4358059761f274b044acddc1bdf0d1145d9a40a2d7dbd499cec5a950d6bea6765b4a98f923ec2a84a0aff3972373e8e9e
Static task
static1
Behavioral task
behavioral1
Sample
7t98b0nkQlBODdw.exe
Resource
win7-en-20211208
Malware Config
Extracted
Family
xloader
Version
2.5
Campaign
wdc8
Domains (the real C2 plus decoys; the report does not say which is live)
mygotomaid.com
joyoushealthandwellnessspa.com
wefundprojects.com
magicbasketbourse.net
vitos3.xyz
oligopoly.city
beauty-bihada.asia
visitnewrichmond.com
crgeniusworld.biz
bantasis.com
transsexual.pro
casagraph.com
eastjamrecords.com
howtotrainyourmustache.com
heiappropriate.xyz
bataperu.com
ces341.com
prajahitha.com
manuelagattegger.com
wolfpackmotorcycletours.com
yulietrojas.com
dariven.com
dd13thsept.net
kalpeshvasoya.com
theavarosecollection.com
bloody-randoms.com
yngo-arca.com
dealsoffer.xyz
marellaweddingplanner.com
seowongoopain.com
omightygod.com
dqblog.net
thethreadedbrow.com
medflex.center
filpify.com
chaletxp.com
santanderburge.com
171341.com
shannongroves.com
sisoow.quest
harleybowd.com
cardioflextech.com
exspv.com
permianbasinautismacademy.info
gardenchipvip.com
onsitemarketingsolutions.com
cvwerg.com
theketocopywriter.com
telarte-ceramicas.com
j2ig529zbahs.biz
oxygenii.com
extralegally.info
hbdlaq.com
themountainkings.com
fibliz.com
skyrangersfoundation.com
forbabylon.net
weilaiyitj.com
supplementstoreryp.com
thehappyartnook.com
houzzcoin.com
heyitsnew.com
jonnystokes.com
venuesgrantprogram.com
hamiltonrealestate.online
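The configuration above is only useful once it is turned into something that can be matched against telemetry, and it carries a caveat: Xloader (the Formbook successor) embeds a list of decoy domains beside the real C2 host, and this report does not say which of the 65 entries is live, so a DNS hit is a lead to triage, not proof of infection. The following Python is an added example, not the sandbox's own tooling: it parses a constructed excerpt in the page's label/value layout (the `REPORT` string mirrors this page; the `DNS_LOG` lines are made up for the demonstration), validates the hash fields, and matches DNS query names, including subdomains, against the extracted domain list.

```python
"""Turn a flattened Xloader sandbox report into hunt-ready indicators.

Added example for this page; not part of any sandbox's own tooling.
REPORT is a constructed excerpt mirroring the page's layout (label line,
value line, '-' as separator); DNS_LOG is constructed telemetry.
"""
import re

# Constructed excerpt of the report (same hashes and a subset of the domains).
REPORT = """\
General
-
Target
7t98b0nkQlBODdw.exe
-
Size
1.0MB
-
MD5
0466190246cd2f51a7784d53820242ac
-
SHA256
873dbebeb40efa109a634b2ca2cb3faeae658dae5c19b518f4769c6dd65f4d38
Malware Config
Extracted
xloader
2.5
wdc8
mygotomaid.com
joyoushealthandwellnessspa.com
sisoow.quest
hamiltonrealestate.online
Targets
-
"""

# Constructed DNS log lines (hypothetical hosts ws17/ws04).
DNS_LOG = """\
2022-02-22T15:13:01Z host=ws17 query=www.sisoow.quest type=A
2022-02-22T15:13:02Z host=ws17 query=login.microsoftonline.com type=A
2022-02-22T15:14:09Z host=ws04 query=hamiltonrealestate.online type=A
2022-02-22T15:14:10Z host=ws04 query=notmygotomaid.com type=A
"""

HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
SECTION_HEADERS = {"General", "Malware Config", "Targets", "Static task", "Behavioral task"}
HEX_RE = re.compile(r"^[0-9a-f]+$")
QUERY_RE = re.compile(r"query=(\S+)")
HOST_RE = re.compile(r"host=(\S+)")


def parse_report(text):
    """Parse the label/value layout into a dict of indicators.

    Hash labels are followed by their value; the 'Extracted' block is
    family, version, campaign, then one domain per line until the next
    section header. Hashes repeated in the Targets section keep the first
    occurrence, after checking length and hex alphabet.
    """
    lines = [l.strip() for l in text.splitlines() if l.strip() and l.strip() != "-"]
    ioc = {"hashes": {}, "domains": []}
    i = 0
    while i < len(lines):
        line = lines[i]
        if line in HASH_LENGTHS and i + 1 < len(lines):
            value = lines[i + 1].lower()
            if len(value) != HASH_LENGTHS[line] or not HEX_RE.match(value):
                raise ValueError(f"malformed {line}: {value}")
            ioc["hashes"].setdefault(line, value)
            i += 2
        elif line == "Target" and i + 1 < len(lines):
            ioc.setdefault("target", lines[i + 1])
            i += 2
        elif line == "Extracted":
            ioc["family"], ioc["version"], ioc["campaign"] = lines[i + 1:i + 4]
            i += 4
            while i < len(lines) and lines[i] not in SECTION_HEADERS:
                ioc["domains"].append(lines[i].lower())
                i += 1
        else:
            i += 1
    return ioc


def matches_indicator(name, domains):
    """Exact or subdomain match; 'notmygotomaid.com' must not hit 'mygotomaid.com'."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in domains)


def hunt(log_text, ioc):
    """Return (host, queried name) pairs whose query matches a config domain."""
    hits = []
    for line in log_text.splitlines():
        q = QUERY_RE.search(line)
        if q and matches_indicator(q.group(1), ioc["domains"]):
            hits.append((HOST_RE.search(line).group(1), q.group(1)))
    return hits


if __name__ == "__main__":
    ioc = parse_report(REPORT)
    print(f"{ioc['family']} {ioc['version']} campaign={ioc['campaign']} "
          f"domains={len(ioc['domains'])}")
    for host, name in hunt(DNS_LOG, ioc):
        # A hit may be a decoy domain: confirm with the process making the
        # request and its HTTP traffic before declaring an infection.
        print(f"lead: {host} resolved {name}")
```

The suffix match deliberately requires a dot boundary so that unrelated names sharing a suffix do not fire; when feeding the full 65-entry list from this page, expect hits on decoys from ordinary browsing as well as from the implant, and pivot on the requesting process rather than the name alone.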
Targets
-
Target
7t98b0nkQlBODdw.exe
-
Size
1.0MB
-
MD5
0466190246cd2f51a7784d53820242ac
-
SHA1
f85c141f0d77f97ffea3af67866e1b311c2fb7bb
-
SHA256
873dbebeb40efa109a634b2ca2cb3faeae658dae5c19b518f4769c6dd65f4d38
-
SHA512
1f07df02ce04c07b1f94ebdf8095d1a4358059761f274b044acddc1bdf0d1145d9a40a2d7dbd499cec5a950d6bea6765b4a98f923ec2a84a0aff3972373e8e9e
-
Xloader Payload
Behaviour and unpacked code match the Xloader family signature; the extracted configuration above is what ties this sample to version 2.5 and campaign wdc8.
-
Deletes itself
The executable removes its own file after launch, so the on-disk sample will be gone on an infected host; preserve the original attachment or dropped file before detonation and rely on the hashes above for matching.
-
Suspicious use of SetThreadContext
Rewriting a thread's context is the classic primitive for process hollowing and similar code injection: the payload is placed in another process and that thread's entry point is redirected, so the C2 traffic should be expected from a process other than 7t98b0nkQlBODdw.exe.
-