General
Target: e50a6adc3a4af45a5cfac4a213be964aa7ed0db5eb8b13ed7c4fc99e160cbc67
Size: 252KB
Sample: 220414-rkjedafda8
MD5: 36733a707992f4e84c54691d69302a6e
SHA1: b6b4d5ae64717dea9492000e317fc370fa37b0fc
SHA256: e50a6adc3a4af45a5cfac4a213be964aa7ed0db5eb8b13ed7c4fc99e160cbc67
SHA512: e4a7f86fdbef37b09a6609fdbae47340489e81813b39b0717adee5424ee84a2e419db87b0b62ece43cd99744db89f903bb1285d88d204655beccd4502db0f1f7
Static task: static1
Behavioral task: behavioral1
Sample: PO930832084.exe
Resource: win7-20220331-en
Malware Config
Extracted
xloader
2.0
b6fg
Targets
Target: PO930832084.exe
Size: 341KB
MD5: 370cdd4fca95e154659920f86124091b
SHA1: 70fc058fe1dda4ed6b00da429e3849d11d1127f8
SHA256: 00668e0dac77414a7a5fc8df4867e3a75fc928cdd97b57c068edb11522fecf97
SHA512: 7d23b4ab99551a5b57d93d77953b9fa7702916c0cd6bbef263526d165a5dcd7825f17fba74797027ad456b3a7a3d35b1c066861fea583420389f984aadb831df
- Xloader Payload
- Adds policy Run key to start application
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext