General
Target: SWIFT_017447774775848493948849338283743_pdf.exe
Size: 435KB
Sample: 220310-gevv4seca5
MD5: ece94abdc2bafaaf6e9bf7efc38e3ea9
SHA1: 2bec8d6d5c908506cc64452b8601b51d08b45cb9
SHA256: b4bc1b06cda923911c889c35ae5b4ddc8b2a999140ae1a66a50844989e7d1767
SHA512: dcd5d659b2b52bf79db3f07e51f6b5b0464c12e44010c0efe970bab3481a47d3beae2d674b852ec70577fdbf7eb3c8d3fa177cd82b811ee4845246757d8943d3
Static task
static1
Malware Config
Extracted
xloader
2.5
ubqk
Targets
-
-
Target
SWIFT_017447774775848493948849338283743_pdf.exe
-
Xloader Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-