General
Target: Boat Payment Copy.exe
Size: 301KB
Sample: 220321-py4alaccc4
MD5: 5978c05476263bda7d960999d199231b
SHA1: ddb2e6c5412027261ca3f339e73a309451aa88b0
SHA256: 7de9f7a81557d4a2a6818b50b8f8ab8948ce6329bf1c696d038e1231237a07d0
SHA512: 7edb0538af7dec08f7f5150b26c525cd2bd4d101a08dec8d48e64619206006ba1daa489ef6c9be2db496832add886da040ef0730320558e4dc5ca0b30a81f65e
Tasks
Static task: static1
Behavioral task: behavioral1 (sample: Boat Payment Copy.exe; resource: win7-20220311-en)
Behavioral task: behavioral2 (sample: Boat Payment Copy.exe; resource: win10v2004-20220310-en)
Malware Config
Extracted: xloader, 2.5, ubqk
Extracted domains:
tundrat-celltherapy.com
superfinance.club
5x5week.com
687504.com
clarkdn.com
potterypklsck.xyz
4m5k.com
21t8.com
94o2ohfjg.com
bhupendratravels.com
nomadashop.com
w388bet.bet
naturalenetwork.net
tupaqu.com
osooir.com
jengly.com
cbsharjah.icu
tokowallpaperbekasi.com
baggamut.com
upoon81.com
thenewfitnessheros.com
uplearns.info
ansp3.xyz
alamocitywrap.com
queroseusucesso.com
stoneandreesteam.com
sdtcm.quest
bicoastalhempconnect.com
northcarolinahempcrete.com
frator.xyz
arches2.com
reyuzed.com
klamc.xyz
fesoftware.net
montecristo.network
enrolltx.com
xebervaxti.info
kioskpass.com
obio-energi.com
metamode.xyz
linyiqingzhou.com
lawajay.com
compmastrdocxc.store
artscience.xyz
graphic-touch.com
metaversetoken.digital
candgconstructiontx.com
insighttactics.net
ameripriseonnet.net
llaa12.xyz
taoluzhibo.show
biensetservicesenlimo.com
hospifancy.com
marmitafitcomamor.space
anapriscilamarketing.com
falak-online.com
gvcthailand.com
xalixiang.com
atencionespecializada24hrs.com
bravasestudio.com
chek-enterprises.com
zikdating.com
dolphincomputergsk.com
tara88.com
3cnew.com
Targets
Target: Boat Payment Copy.exe
Size: 301KB
MD5: 5978c05476263bda7d960999d199231b
SHA1: ddb2e6c5412027261ca3f339e73a309451aa88b0
SHA256: 7de9f7a81557d4a2a6818b50b8f8ab8948ce6329bf1c696d038e1231237a07d0
SHA512: 7edb0538af7dec08f7f5150b26c525cd2bd4d101a08dec8d48e64619206006ba1daa489ef6c9be2db496832add886da040ef0730320558e4dc5ca0b30a81f65e
Signatures:
Xloader Payload
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext