General
- Target: 0be9cac773f0178e65a264a182daa92fd87e6dd3b5cc4e668ff07be97a6cb0fd
- Size: 711KB
- Sample: 220319-wmypasfdb9
- MD5: 96504d73a4bf275b2f47b0a1717d64bc
- SHA1: 9eafbae37517ac17f9a37240d0f8b999a488f23e
- SHA256: 0be9cac773f0178e65a264a182daa92fd87e6dd3b5cc4e668ff07be97a6cb0fd
- SHA512: 00d1362224f85d18ff3f80ec177e04f8d1d23482deeea4d1d94a72de76253a3999f63cb344d5cf5c7c91839ead44c543e8537d1aa23e120674c932a62726c307
Static task: static1
Behavioral task: behavioral1
Sample: 0be9cac773f0178e65a264a182daa92fd87e6dd3b5cc4e668ff07be97a6cb0fd.exe
Resource: win7-20220311-en
Malware Config
Extracted
xloader
2.2
chg
Targets
- Xloader Payload
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext