General
-
Target
5785349084839936.zip
-
Size
285KB
-
Sample
220307-syztysfdh2
-
MD5
2eb3feade17b2a72ef7efbe4538a98ae
-
SHA1
2590a77ec8be30afc42720e3f718d03caa061101
-
SHA256
c2db07ef9eadc24d56effb5858e81f2d7b241a75d0a39d0174fee389b9efb394
-
SHA512
615a96e6fc76a56ff9aede8c34145ccd1d2fd6613cb8e30da12dfeb3b929e87a0ecd849d02e5f1d4034b0558ea0c8a2bd246d40f98a614e836e21028eb819b81
Static task
static1
Behavioral task
behavioral1
Sample
66fd2bc4d1ec466bcd76e50bbc959b9a794e897345e69305e11aa99d0b0d656d.exe
Resource
win7-20220223-en
Malware Config
Extracted
xloader
2.5
pout
leadergaterealty.com
k7bsz.info
laidjapp1.com
eastcountytaxi.com
betterlife-uae.com
materaiku.com
chanhxebinhthuan-hcm.online
06gjm.xyz
67t.xyz
here-we-meet.com
screened-articletoseetoday.info
lucykg.club
mujdobron.quest
susakhi.com
funtabse.com
unlimitedpain.com
2ed58fwec.xyz
weighttrainingexpert.com
allisonsheillax.com
yektaburgers.com
altijdstoer.info
airemspapartments.com
videomuncher.com
centerstagedrama.com
nikkou-toy.store
arequipesymerengues.com
haishandl.com
fy2zy5.com
mailheld.digital
sheepysage.com
fabricadocredito.com
siq212.com
moo-coo.com
hoomxb.net
6s2.space
rsholding.net
castellanacustomboats.online
tremblock.com
ramblingkinkster.com
teamsooners.club
onlinecasino-univ.com
dash8board.com
aichuncha.com
springhilllawn.com
zgluke.com
happynft.agency
urbanempireapparel.com
guanyiren.com
biglotteryking.com
marionkgregory.store
mujeresyaccion.com
smcusa.net
mayyon.net
vivibanca.website
15dgj.xyz
miabossjewelry.com
ideeperloshopping.cloud
healizy.com
huvao.com
huggsforbubbs.com
radiomacadam.online
firirifilms.com
knowhorses.com
chickenbeetlebooks.com
transtarintl.com
Targets
-
-
Target
66fd2bc4d1ec466bcd76e50bbc959b9a794e897345e69305e11aa99d0b0d656d
-
Size
357KB
-
MD5
b99e10d4eb07e4a986ee92bcf444a7bf
-
SHA1
470d703ad9ea51844f0577d917f7167cc032887d
-
SHA256
66fd2bc4d1ec466bcd76e50bbc959b9a794e897345e69305e11aa99d0b0d656d
-
SHA512
4914d79035dffa9ef00dc79ac756957a3cf686af41e414836ae0500ec1a9c5084cb77b1a2c1f7ff203d77b9f7897f8de3b38c1aadb36c68aa92d5900b18096b0
-
Xloader Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-