General
-
Target
dekont 2022.exe
-
Size
219KB
-
Sample
220419-qgm3qaddb2
-
MD5
b432fee7f4857a9ad25f143b2ac645a9
-
SHA1
cd7beb58da064e0caebcc5604893bb3be6568b45
-
SHA256
413e58ab30e56edfaa7899ebe3fc8655314c993db5a0d1840100752ba6be0be0
-
SHA512
55558e311529a70cbb6406ea0e1bf409328960e23ee0bb961768ea5c11dd2476da8dd2cc12cff2945fc8e97ba9f99342c866c9b91fc47a42e082178bd3144ec8
Static task
static1
Behavioral task
behavioral1
Sample
dekont 2022.exe
Resource
win7-20220414-en
Malware Config
Extracted
xloader
2.5
cbgo
santesha.com
britneysbeautybar.com
sh-cy17.com
jeffcarveragency.com
3117111.com
sobrehosting.net
ddm123.xyz
toxcompliance.com
auditorydesigns.com
vliftfacial.com
ielhii.com
naameliss.com
ritualchariot.com
solchange.com
quatre-vingts.design
lawnmowermashine.com
braceletsstore.net
admappy.com
tollivercoltd.com
vaidix.com
rodrigomartinsadv.com
bouncingskull.com
hamiltonhellerrealestate.com
dream-kidz.com
growupnotgrowold.com
clanginandbangin.com
cornerstone-constructions.com
mcdonalds-delivery.xyz
omnikro.com
nca-group.com
hughers3.com
move-mobius.com
shrivs.com
hoshikuzu-hegemony.com
zpwx17.online
masoncable.com
butecreditunion.com
creativefolksnetwork.xyz
lejanet.com
tacticalslings.club
bestprodutos.com
quirkysoul39.com
sdettest.com
aomendc.xyz
lorticepttoyof6.xyz
nonvaxrnpositions.com
maintainaviation.com
kubanitka.com
fractalmerch.xyz
elbowguru.com
nikiyang.com
cialisactivesupers.com
bestofrochester.info
ynov-rennes.com
saiden8164.com
ffuster.com
papierle.com
dobsonfryedentist.com
rufisquoisedetransit.com
compassionatecuddling.com
kimlady.com
mashinchand.com
semicivilization.com
milamixecommerce.com
ambassadorandceoclub.com
Targets
-
-
Target
dekont 2022.exe
-
Size
219KB
-
MD5
b432fee7f4857a9ad25f143b2ac645a9
-
SHA1
cd7beb58da064e0caebcc5604893bb3be6568b45
-
SHA256
413e58ab30e56edfaa7899ebe3fc8655314c993db5a0d1840100752ba6be0be0
-
SHA512
55558e311529a70cbb6406ea0e1bf409328960e23ee0bb961768ea5c11dd2476da8dd2cc12cff2945fc8e97ba9f99342c866c9b91fc47a42e082178bd3144ec8
-
Xloader Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-