General
  Target:  w2kNHCaUa9VsYrD.exe
  Size:    733KB
  Sample:  220306-c6yzmahgh7
  MD5:     e3271922cc8211a9ab17210ecd9f7c32
  SHA1:    fa7bd66048b4a644aca45efc2e406334cd43e71f
  SHA256:  542043a4750cb567691edcc7ec0e132a5f1627f037d94c1d39231e6453455da4
  SHA512:  3c753e2fa0878e9975126f49c15b8114d5f3c18f53062de81346767aec2bddfd4eefa8866cee4818e5fadb18f446af606c40d10cf21417ee477dfc246a4411ec

Tasks
  Static task:      static1
  Behavioral task:  behavioral1
    Sample:    w2kNHCaUa9VsYrD.exe
    Resource:  win7-en-20211208

Malware Config
  Extracted
    Family:    xloader
    Version:   2.5
    Campaign:  b8eu
    Decoy domains:
      coeusconsultancy.com
      allutravel.com
      frustratedsportsfan.com
      notch.host
      cvkur.com
      dunamisathletics.com
      citycourtlafayetteclass.com
      tastingpay.com
      beriteautoglass.com
      mexicanaenergy.com
      karaokepkllkb.xyz
      equiposymaquinasparamineria.com
      fsmgayrimenkulbursa.com
      femmequidanseaveclalune.com
      frfrjrbfkfncifnsnqwnxbcb.com
      jmwxhsbktiyq7.xyz
      nevirame.com
      wppaulwriter.com
      anandiaper.xyz
      krasamart.com
      osakebatake.com
      procofun.com
      makingcash4u.online
      tbrme.plus
      nfqch.com
      regitconvention.com
      lawyer-kuchukov.online
      encontrartrabajosbuscarmex.com
      robyngauer.com
      awarity.agency
      holyhirschsprungs.com
      katiesmobilestyling.com
      rj3143.com
      theheroinejourney.net
      jktechsupport.com
      smartlifestickpack.net
      getelements.today
      awaknofficial.com
      officereinstatementsg.com
      cgloansllc.com
      infra-hiit.com
      additionstore.com
      zerotocloudengineers.com
      rezendetube.com
      tarotgatahechizos.com
      tanakaya-jp.com
      krakow-nagromadzenie.space
      frontpage.asia
      exclusivedigitalprinting.com
      bacnebuster.com
      zbhuizhu.com
      amenosu.com
      sgparking.com
      ynov-lille.com
      kazamiharutoki.com
      nottryingdoing.com
      healthyeatingbooknow.com
      thevisionagency.net
      bjhaqx.com
      qhzhuhang.com
      ferryal.xyz
      diglib.info
      soulshine.today
      mamazdenka.com
      millennialsofacertainage.com

Targets
  Target:  w2kNHCaUa9VsYrD.exe
  Size:    733KB
  MD5:     e3271922cc8211a9ab17210ecd9f7c32
  SHA1:    fa7bd66048b4a644aca45efc2e406334cd43e71f
  SHA256:  542043a4750cb567691edcc7ec0e132a5f1627f037d94c1d39231e6453455da4
  SHA512:  3c753e2fa0878e9975126f49c15b8114d5f3c18f53062de81346767aec2bddfd4eefa8866cee4818e5fadb18f446af606c40d10cf21417ee477dfc246a4411ec
  Signatures:
    Xloader Payload
    Suspicious use of SetThreadContext