General
Target: SecuriteInfo.com.W32.AIDetectNet.01.23022.19757
Size: 464KB
Sample: 220616-nzkzzahcc7
MD5: be8b5906f3d79b9379f13a88ec42d218
SHA1: 869fd98dc84134265c27de26dcbf4dae74204713
SHA256: 15445c010256a178c467773e86678ecdc33bc8519e4edb3703a1b3b17622f805
SHA512: f3abb8fddf2bcbadaf11be50ca956903a256443c1f2e52ec0fae6f8f38132282465c79cf15cfc71ae2e11b0569163625dd8bdfd2413d0cb62d81e981794d4ce4
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.W32.AIDetectNet.01.23022.exe
Resource: win7-20220414-en
Malware Config
Extracted
xloader
2.6
grh2
Targets
Target: SecuriteInfo.com.W32.AIDetectNet.01.23022.19757
Xloader Payload
Suspicious use of SetThreadContext