General
Target: 7803526144.zip
Size: 509KB
Sample: 220804-plxx2sfggj
MD5: ccadcf7dfd967cf762c65cf2c723861c
SHA1: 96fe892c4897d086e35838b9636fddf2c6b70ecb
SHA256: 7a7e0f16c71d3934e048397686fcb78781c77db16bf0b2f8852a38898d2aecee
SHA512: 0867c0c7a006c5355a568fd4eeb7ced2af43da848a34866e07469b608d7490d1d4d0724facbcea8bd50cc375053bc504091ead7703495be21abee7c26865bfeb
Static task: static1
Behavioral task: behavioral1
Sample: 13bd267ca3d7af495f8cd8f72daf3ea997312671eafe9992a88768e4f3ecc601.exe
Resource: win7-20220715-en
Behavioral task: behavioral2
Sample: 13bd267ca3d7af495f8cd8f72daf3ea997312671eafe9992a88768e4f3ecc601.exe
Resource: win10-20220722-en
Malware Config
Extracted
xloader
2.5
r007
trashpandaservice.com
mobileads.network
ascolstore.com
gelsinextra.com
bonestell.net
heitoll.xyz
ceapgis.com
mon-lapin.biz
miq-eva.com
rematedesillas.com
playingonline.xyz
hausense.quest
tnyzw.com
appsdial.com
addcolor.city
hagenoblog.com
michaelwesleyj.com
she-zain.com
lorhsems.com
karmaserena.com
avatarrooms.com
friendsofrythmia.com
hdnhwy.com
firstnightfanfiction.net
vixflow.com
b8ceex.com
generatespeed.com
vaps02.com
climate-crisis.team
saturdaynightl.com
baro-drom.com
talleyresort.com
doctruyenovergeared.com
mogli-designz.info
politiciantunnel.com
housesyrron.com
troibrown.com
go-svetovanje.com
littlebittech.com
totallyglamplans.com
primeusatv.com
leifengping.com
halalfreshdelivery.com
gumbosgeorgetown.com
alittleraeoflight.com
xn--tckybzdtby655a5tj.xyz
wgassllc.xyz
craftandcloud.com
attorneyyochum.com
cryptocourse.one
bloomintegratedwellness.com
partypirateboatrentals.com
chainmio-top.xyz
mrjsloan.com
merryutilityservices.net
zglingbishi.com
wytchbytch.com
michigansharkettes.com
gerizon.net
texcelmed.com
cafe21-3.com
freemovies123.online
ungalfresh.com
sendungs.com
iot-vn.com
Targets
Target: 13bd267ca3d7af495f8cd8f72daf3ea997312671eafe9992a88768e4f3ecc601
Size: 556KB
MD5: a505757fb36d0c2945985135b1de90cb
SHA1: 0f90b28aa225725493ef72a9915bf0c5082ff992
SHA256: 13bd267ca3d7af495f8cd8f72daf3ea997312671eafe9992a88768e4f3ecc601
SHA512: 37d993fcb3774673a840d4e13e768c7160120c04746972f8efed6c4687e9872fcc175849193510190fbc5047ce89abcce5c3457955b85e7912c09c12b1f0f011
Xloader payload
Suspicious use of SetThreadContext