General

Target: f97edd735ccb4886c3b30bf6a1bcdaa1aec5f54ea5752c5d755c854af4c8a0f9
Size: 819KB
Sample: 220325-1wpj7schc8
MD5: aae86c751399a81769300e62ca74d44a
SHA1: 7d70c984ac73ba36bfd0d0785f29be197f4df813
SHA256: f97edd735ccb4886c3b30bf6a1bcdaa1aec5f54ea5752c5d755c854af4c8a0f9
SHA512: 0af4445a6e4c87298944b0510e234e0aee550a222cf95ca7ae27243e146b6d894b63102eb5156955a4aeb22344b798f5af2d6c5cc7621588ded5e0a4982045c0

Static task: static1
Behavioral task: behavioral1
Sample: f97edd735ccb4886c3b30bf6a1bcdaa1aec5f54ea5752c5d755c854af4c8a0f9.exe
Resource: win7-20220311-en

Malware Config

Extracted
Family: xloader
Version: 2.2
Campaign: chg
C2 domains (65 listed; XLoader configs embed decoy domains alongside the live C2, so treat each entry as candidate infrastructure rather than confirmed C2):
ceipsanisidorogiralda.com
mypinglabs.com
grupodicore.com
hondabuilt.com
prets-enligne.com
treatyourdryeyesinfousa.com
newsonedition.com
puppetsforhireband.com
404universal.com
bipoctravel.com
aspiritdigital.com
saib.group
eatonvancewateroakadvisors.com
momoglobalshop.com
reimagineeducationlab.com
looleep.com
facefactorgame.com
paramount-realms.com
saintinnovations.com
hospitaldeanimales.com
theexpgym.com
alfexx2.website
maltarwy.com
ketosnack.net
teacherscache.com
jiemeimeiyiyuan.com
8785160.com
yamadaily.com
wemakeretaildisplays.com
joanters.com
travelspectacularbyd.com
quinoasors.com
linkenvideo078.xyz
luvhouses.com
gaviadventure.com
jecotise.info
les-reseaux-mlm.com
weippay.com
ferienschweden.com
mukhlisdahsyat.com
fexbliz.com
williamsbarbercollege.net
youwearitwell.net
wochay.com
solrtreks.com
mamentos.info
jagannathengineers.com
jrgroupllc.com
perpetual-cash.net
buyatreadmillonline.com
royalfalls.com
grokemail.com
sazonlojano.com
ixzhogkuh.icu
sxzlkd.com
livemusiclearning.com
zoomaconsultation.com
gamedayia.com
gotothisagency.com
diycctvshop.com
blackboarindustries.net
hatano-sekkotsu.com
bloominggraceflower.com
prezihotshot.com
gaokao2020.com
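
The script below is an added example, not part of the sandbox report, showing how to turn the report's hashes and extracted config into offline checks: it compares a local file against the listed MD5/SHA1/SHA256, matches DNS queries against the C2 domains (exact or subdomain, case-insensitive, trailing dot ignored), and flags HTTP requests whose first URI path segment equals the campaign ID. The DNS/proxy log formats and log lines are constructed for the example, and CONFIG_DOMAINS holds only a subset of the 65 domains above. Two caveats: a domain hit alone is a lead, because the config mixes decoys with the single live C2; and the campaign-path heuristic rests on known XLoader/Formbook beacon behaviour (the campaign ID as URI path, e.g. /chg/), which the report itself does not state.

```python
import hashlib
import re
from typing import Iterable, List, Optional, Tuple
from urllib.parse import urlsplit

# Hashes copied from the report's General section.
REPORT_HASHES = {
    "md5": "aae86c751399a81769300e62ca74d44a",
    "sha1": "7d70c984ac73ba36bfd0d0785f29be197f4df813",
    "sha256": "f97edd735ccb4886c3b30bf6a1bcdaa1aec5f54ea5752c5d755c854af4c8a0f9",
}

# Campaign ID from the extracted config. Known XLoader/Formbook behaviour (not
# stated in the report): beacons use it as the URI path, e.g. http://<host>/chg/.
CAMPAIGN = "chg"

# Subset of the 65 domains in the extracted config (full list on the page).
# XLoader configs mix decoys with the single live C2, so a hit is a lead only.
CONFIG_DOMAINS = {
    "ceipsanisidorogiralda.com", "mypinglabs.com", "grupodicore.com",
    "saib.group", "alfexx2.website", "ixzhogkuh.icu",
    "linkenvideo078.xyz", "gaokao2020.com",
}

# Constructed log lines for the demo; the formats are assumed, not the report's.
DNS_SAMPLE = """\
2022-03-25T10:00:01Z 10.0.0.5 query www.mypinglabs.com.
2022-03-25T10:00:02Z 10.0.0.5 query notgrupodicore.com
2022-03-25T10:00:03Z 10.0.0.7 query cdn.example.com
2022-03-25T10:00:04Z 10.0.0.5 query IXZHOGKUH.ICU""".splitlines()

HTTP_SAMPLE = """\
2022-03-25T10:00:05Z 10.0.0.5 GET http://www.mypinglabs.com/chg/?4bQp=abc
2022-03-25T10:00:06Z 10.0.0.5 POST http://www.mypinglabs.com/chg/
2022-03-25T10:00:07Z 10.0.0.7 GET http://www.example.com/chg/
2022-03-25T10:00:08Z 10.0.0.9 GET http://gaokao2020.com/index.html""".splitlines()

DNS_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+query\s+(?P<qname>\S+)")
HTTP_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+[A-Z]+\s+(?P<url>\S+)")


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a byte string, keyed like REPORT_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes) -> bool:
    """True only when all three hashes agree with the report."""
    return file_hashes(data) == REPORT_HASHES


def matched_domain(host: str, domains=CONFIG_DOMAINS) -> Optional[str]:
    """Config domain that host equals or is a subdomain of; None otherwise.
    Case-insensitive; a trailing dot (as some resolvers log it) is ignored.
    'notgrupodicore.com' must not match 'grupodicore.com'."""
    h = host.strip().rstrip(".").lower()
    for d in domains:
        if h == d or h.endswith("." + d):
            return d
    return None


def scan_dns_log(lines: Iterable[str]) -> List[Tuple[str, str, str, str]]:
    """(timestamp, client, queried name, matched config domain) per hit."""
    hits = []
    for line in lines:
        m = DNS_LINE.match(line)
        if m and (d := matched_domain(m["qname"])):
            hits.append((m["ts"], m["src"], m["qname"], d))
    return hits


def scan_http_log(lines: Iterable[str]) -> List[Tuple[str, str, str, bool]]:
    """(timestamp, client, matched domain, campaign_path) per hit; campaign_path
    is True when the first URI path segment equals the campaign ID."""
    hits = []
    for line in lines:
        m = HTTP_LINE.match(line)
        if not m:
            continue
        u = urlsplit(m["url"])
        d = matched_domain(u.hostname or "")
        if d:
            first_seg = u.path.strip("/").split("/")[0]
            hits.append((m["ts"], m["src"], d, first_seg == CAMPAIGN))
    return hits


if __name__ == "__main__":
    for hit in scan_dns_log(DNS_SAMPLE):
        print("dns ", hit)
    for hit in scan_http_log(HTTP_SAMPLE):
        print("http", hit)
    print("empty file matches report:", matches_report(b""))
```

On the constructed input, the DNS scan yields two hits (www.mypinglabs.com and IXZHOGKUH.ICU) and skips notgrupodicore.com; the HTTP scan yields three hits, two of them with the /chg/ campaign path. matches_report requires all three hashes to agree, so a truncated or patched copy of the sample does not match.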

Targets

Target: f97edd735ccb4886c3b30bf6a1bcdaa1aec5f54ea5752c5d755c854af4c8a0f9 (819KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)

Signatures:
Xloader Payload
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext (rewriting a thread's context is the pattern used by process hollowing and similar injection)