General
Target: documents.exe
Size: 509KB
Sample: 220303-smbmzsbfe5
MD5: a3db3121e70a7f14f148112cf9c2b354
SHA1: 9e558cbc0c8656cde57e5aeac354828c7792ed3c
SHA256: a4e3ba6772cc6a006c061a0fc86fafdab1a11602004743018eb2d21524ea3f0e
SHA512: 71a96e744d4fc66e5fd9fc00d64d23bdb0486650a8eb45c7fea6b7e0b42ae80e7d4a88076d772ecfab135c994426554112d548ae06a046478b0b34f8d19f3a0f
Static task: static1
Behavioral task: behavioral1
Sample: documents.exe
Resource: win7-20220223-en
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: yrcy
Domains:
sturlabas.com
tantrungcompany.com
wildgraceyogahealing.com
wsparalegal.com
8xhgq.xyz
mysaylav.com
amelntl.net
cooleshow.online
adventuresbydisneyathome.com
sprinklekart.com
prostitutkitambovasuck.info
pakdao.com
finsith.com
nightpartner82.xyz
sex9a4ufbj.com
ketohousee.com
mairie-les-cammazes.com
elebots.xyz
highqualityremodeling.net
teamsterslocal553.com
rws3.xyz
ngucocloisua.online
waiting-game.com
chauffeureddriven.com
makemusictemecula.com
17taol.com
big-swindle.com
surveycourses.com
my-safqati.com
gn-powerplants.com
colorgameph.com
jaysingpurchessacademy.com
onlinedon.net
sebashtiana.com
vitamincfood.com
thesportcollective.com
tradableassettokens.com
worldhealthnutrition.com
let-value.com
tanyademby.com
tollesonhouses.com
puzzleadventure.city
mindsetolimpionico.com
krakenind.com
investorsbak.com
tenloe049.xyz
gooddeals4u.online
adelphosformacao.com
cyndeiversondesigns.com
hrofmdieh.com
volucercab.com
bitcoindatai.com
gokelmining.com
magicbasketbourse.net
myblessedgeneration.com
super-trade.online
onevishnu.online
ctr-expert.com
globalitinfra.com
lickmychili.com
0xbot.net
91aaa.net
b3yg6g.com
ruleship.com
lifescreativeflow.com
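The domain list above is the XLoader config as the sandbox extracted it. XLoader (the rebranded FormBook) embeds one live C2 among a set of decoy domains, many of them legitimate sites, and the implant cycles through the whole list, so one query to a single listed domain is weak evidence while one process resolving several of them is strong. The following is an added example, not part of this report or of the sandbox's own tooling: it turns the extracted list into a DNS-log matcher that scores per-process hits on that basis. The key=value log format, the hostnames, the process paths and the scoring threshold are assumptions, and only a subset of the 64 domains is reproduced in the block.

```python
"""DNS-log matcher built from the XLoader config extracted above.

Added example, not part of the sandbox report. Family, version, campaign
and the domains are copied from the report; the log format, hostnames,
process paths and the scoring threshold are assumptions.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

XLOADER_VERSION = "2.5"
CAMPAIGN_ID = "yrcy"

# Subset of the 64 domains in the extracted config (load the full list in
# production). XLoader hides one live C2 among decoys and walks through all
# of them, so decoys are still usable as indicators of the implant running.
CONFIG_DOMAINS = [
    "sturlabas.com",
    "tantrungcompany.com",
    "8xhgq.xyz",
    "adventuresbydisneyathome.com",
    "sprinklekart.com",
    "0xbot.net",
]

# Constructed log lines in an assumed "key=value" DNS-client format with
# space-free image paths. The querying image is often a hollowed host
# process rather than documents.exe itself (the report flags
# SetThreadContext use), so matching keys on the queried name, not the image.
SAMPLE_LOG = [
    "2022-03-03T10:00:01Z host=WS01 image=C:\\Users\\u\\AppData\\Local\\Temp\\documents.exe query=www.sturlabas.com",
    "2022-03-03T10:00:02Z host=WS01 image=C:\\Users\\u\\AppData\\Local\\Temp\\documents.exe query=tantrungcompany.com",
    "2022-03-03T10:00:03Z host=WS01 image=C:\\Users\\u\\AppData\\Local\\Temp\\documents.exe query=8XHGQ.xyz.",
    "2022-03-03T10:00:04Z host=WS01 image=C:\\Users\\u\\AppData\\Local\\Temp\\documents.exe query=www.microsoft.com",
    "2022-03-03T10:05:00Z host=WS01 image=C:\\Users\\u\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe query=adventuresbydisneyathome.com",
    "garbage line that does not parse",
]


def normalize_domain(name: str) -> str:
    """Lowercase, trim whitespace and drop a trailing root dot."""
    return name.strip().lower().rstrip(".")


def matched_domain(qname: str, domains: List[str] = CONFIG_DOMAINS) -> Optional[str]:
    """Return the config domain that qname equals or is a subdomain of, else None."""
    q = normalize_domain(qname)
    for cand in domains:
        d = normalize_domain(cand)
        if q == d or q.endswith("." + d):
            return d
    return None


_LINE_RE = re.compile(r"\bimage=(?P<image>\S+)\s+query=(?P<query>\S+)")


def parse_dns_line(line: str) -> Optional[Tuple[str, str]]:
    """Extract (image, query) from one log line; None if the line does not parse."""
    m = _LINE_RE.search(line)
    return (m.group("image"), m.group("query")) if m else None


def score_dns_log(lines, domains=CONFIG_DOMAINS, high_threshold=3) -> Dict[str, dict]:
    """Group config-domain hits per process image and rate them.

    A process that resolves high_threshold or more distinct config domains is
    rated "high" (it is walking the XLoader list); fewer hits are "medium",
    because some listed domains are legitimate decoys that any browser may visit.
    """
    hits = defaultdict(list)
    for line in lines:
        parsed = parse_dns_line(line)
        if not parsed:
            continue
        image, qname = parsed
        d = matched_domain(qname, domains)
        if d:
            hits[image].append((normalize_domain(qname), d))
    report = {}
    for image, pairs in hits.items():
        distinct = len({d for _, d in pairs})
        report[image] = {
            "hits": pairs,
            "distinct": distinct,
            "level": "high" if distinct >= high_threshold else "medium",
            "family": f"xloader {XLOADER_VERSION} / campaign {CAMPAIGN_ID}",
        }
    return report


if __name__ == "__main__":
    for image, info in score_dns_log(SAMPLE_LOG).items():
        print(f"{info['level']:6} {info['distinct']} domain(s)  {image}")
        for qname, d in info["hits"]:
            print(f"         {qname} -> {d}")
```

Feed it the full 64-domain list and your own DNS-client or Sysmon event 22 export (after adapting the regex) to find hosts walking the list; the per-image grouping is what separates an infected machine from a user who browsed to one of the decoy sites.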
Targets
Target: documents.exe
Signatures:
- Xloader Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext