General
- Target: 04fa3af64200a6958f5bf895e14106a311ac5d2c07abcb4ef8f6bf391945ce92
- Size: 622KB
- Sample: 220708-vtkkksbgam
- MD5: c8c8329d0d21f5fc7488cd7b9fb5eb41
- SHA1: 9d7058e8c3f75461274f5c5250c18e6eaf0b2a6e
- SHA256: 04fa3af64200a6958f5bf895e14106a311ac5d2c07abcb4ef8f6bf391945ce92
- SHA512: 0e393ca6720e2144b0f1ad3b074c2d55c7363d1ac17adf0f383811110f7c7adde26a93f7984eaf8138755e08d60a1be40c576f13756e782db574a4ea17bebd72
Static task: static1
Behavioral task: behavioral1
Sample: 04fa3af64200a6958f5bf895e14106a311ac5d2c07abcb4ef8f6bf391945ce92.exe
Resource: win7-20220414-en
Malware Config
- Extracted family: xloader
- Version: 2.2
- Campaign: chg
Targets
- Xloader payload
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext