Behavioral task
behavioral1
Sample
4944-133-0x0000000000400000-0x000000000042E000-memory.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
4944-133-0x0000000000400000-0x000000000042E000-memory.exe
Resource
win10v2004-20220414-en
General
-
Target
4944-133-0x0000000000400000-0x000000000042E000-memory.dmp
-
Size
184KB
-
MD5
5f2e82317513c1dd8767cae5f0334456
-
SHA1
843ac938ddab331b221d99de6940c732d5b1bcf0
-
SHA256
babb1f48b15e8b7d209f8b8862c881ca7572ff50d590b031cc6249834e099425
-
SHA512
e928bd2e0270b1ce5d5ca53a5d563178be86d967316f1164326073547d683d24d02c9eec8e838ecc6c62c277638d1797fa6cf633115ca24e92e81e54b9a30706
-
SSDEEP
3072:BMMTZoytvEW6xsBmWpq1snUI1w+RBpFSZVLlDYVedR8iyOuT+Ucxx:BMny9CsBc1svqoBpFSZlln5yOuTdcx
Malware Config
Extracted
xloader
2.6
tn61
Files
-
4944-133-0x0000000000400000-0x000000000042E000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 167KB - Virtual size: 166KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ