General
Target: bab78a45af95c68f607e3d89d917e19e
Size: 327KB
Sample: 220421-j7ka7adhc8
MD5: bab78a45af95c68f607e3d89d917e19e
SHA1: 4a169a2d700be6cc4cd94b29d61621d4c2fb83fa
SHA256: 7443dce18b5523225353847f6dd17a2ec244c6c32e7f72df3937d2f85d74cff6
SHA512: f837edda0365fce8543934b76b3dccca85aa4b583e8285b32d6a7f09c863f288a4eef75dcda73cd47ebca99ce4e1042b75e8fa6f124c5599b37bd7a3ca9bb848
Static task: static1
Behavioral task: behavioral1
Sample: virement.exe
Resource: win7-20220414-en
Malware Config
Extracted
xloader
2.5
cbgo
santesha.com
britneysbeautybar.com
sh-cy17.com
jeffcarveragency.com
3117111.com
sobrehosting.net
ddm123.xyz
toxcompliance.com
auditorydesigns.com
vliftfacial.com
ielhii.com
naameliss.com
ritualchariot.com
solchange.com
quatre-vingts.design
lawnmowermashine.com
braceletsstore.net
admappy.com
tollivercoltd.com
vaidix.com
rodrigomartinsadv.com
bouncingskull.com
hamiltonhellerrealestate.com
dream-kidz.com
growupnotgrowold.com
clanginandbangin.com
cornerstone-constructions.com
mcdonalds-delivery.xyz
omnikro.com
nca-group.com
hughers3.com
move-mobius.com
shrivs.com
hoshikuzu-hegemony.com
zpwx17.online
masoncable.com
butecreditunion.com
creativefolksnetwork.xyz
lejanet.com
tacticalslings.club
bestprodutos.com
quirkysoul39.com
sdettest.com
aomendc.xyz
lorticepttoyof6.xyz
nonvaxrnpositions.com
maintainaviation.com
kubanitka.com
fractalmerch.xyz
elbowguru.com
nikiyang.com
cialisactivesupers.com
bestofrochester.info
ynov-rennes.com
saiden8164.com
ffuster.com
papierle.com
dobsonfryedentist.com
rufisquoisedetransit.com
compassionatecuddling.com
kimlady.com
mashinchand.com
semicivilization.com
milamixecommerce.com
ambassadorandceoclub.com
Targets
Target: virement.exe
Size: 192KB
MD5: ace33d540a6a1564d93f63ca8e23e49f
SHA1: f7882beb571b12a4d2100672636e93d56fe76591
SHA256: 706b938fc167d7ed1747b35cdbd650d476b210ef0c131d76b2e4269f1ab64142
SHA512: 28bb6d85e81ee4b5e79921776eaae7e38386b6423fcf6ef139e6d8c45ed3585b1df0fe4340215fc2fda3b21e38687bc2514dd525e5ff210731eac7d744b88727
- Xloader Payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext