General
-
Target
Invoice&shipments documents.exe
-
Size
68KB
-
Sample
220816-hnl51agdc5
-
MD5
851f82e1941a676ce825320ebff94857
-
SHA1
30b9dbf2b97c20401b42188a335897994bce073e
-
SHA256
724856634d2e8796b6f0b6950ebdf98d32679ed73a8a65b995447ecd9098a0dc
-
SHA512
33f78bad1244d8c4859c1ed2f2276d10e821b14485213291cdb8d546415177884e8dfa710cbc48937d62eb8d75716b212c5811e5499a97de9de2a9cca83a408e
Static task
static1
Behavioral task
behavioral1
Sample
Invoice&shipments documents.exe
Resource
win7-20220812-en
Malware Config
Extracted
xloader
2.9
v4qp
je1XQKU1LfJPVLk=
nvf41a7FsTLs6uB/g+CR
U7mryF6DctZn6GEjr9Bm4g==
1SONGrPdh7wGEOXp3g==
2xX859r7qOFq7GYkr9Bm4g==
IYtzVUx0Oo0HmZawLQAARDvBf4dL
NH3iuBPNSzZTvpw/4KaG
rDehfiqIPbdMBS8G1g==
xhb2uJ0eBwo7k3djqxh60xoNt4VoeQ==
AFtKux3JgPGRkx3xUsciR6piSg==
m+3VoJadWcBvOAPpzKUNPoAxyplS
1DWKULdka3mxIKhEqGxQr7gxyplS
DGlFGBqWi5CtrCX9alyTuPzq
muvVM4slyTfxORwAZisVksCM78aSEVo=
D3biNgUbyg9E5pl+
/+1QLPssvl/Xxg==
I4lzTjaAcc1iBS8G1g==
wSwc4MmbShojhlZCrniTuPzq
jN5YO6ZXSfJPVLk=
4TUS4+ANuqHCRTM9sniTuPzq
7Ssfd9ru/HPzWMZ42Z+E
TJl+UkzTsY6g86lyegOU3gw=
0juvfNqRgmJwwpc/4KaG
WJuGVDdhQj1Ux5s/4KaG
FHdjPTRtZc1rPwr8zUQfXogxyplS
1yUI9+gAwMPuYMWALzWc+w==
CW1UNSZVQKAlmQep/XYDYGot8HZX30M=
vRqFbt1zJfH304GOeAOU3gw=
P5CIQS65moOingakeAOU3gw=
d9dBqqBI+vgR0Q==
1zElifgR7DjBQhEgnWqTuPzq
Z60BYmHr5eHr4qiedQOU3gw=
HWU4MRo7NYMKvenJppIKPWxeSQ==
e3BN71BTWfJPVLk=
wy7WdMhKC6ZIBS8G1g==
XquYfmaLfMtjMdvi0UJCve3YPQ9/3VBp
KZGA1zHJgWB5XAUCtW5auQQ=
xiMia8hyQfJPVLk=
fs3InobYUU1v
g/FWtqk8QVV2fvykeAOU3gw=
Gk0rieTkzD/cYMxmtQij4wb9
sQ92QpZSTOWOi15IKJWeEYMaENE=
DmfkxD7hjeFXBS8G1g==
AF/WMxGNm+1qwhvu59Ziy96hOpN/3VBp
mPxzMqdFvl/Xxg==
wbYTecjCf2dE5pl+
bM22jGRvLWbm3dd/g+CR
3T4iifwiBwdGDun0r9Bm4g==
hd/Zp4qeQhkDA7I+sXVavwQ=
Y6UNZTVzVVVE5pl+
4V68Jxr1n3hpa/igeQOU3gw=
oxRu5bztvl/Xxg==
IoXeT3nFp316WK0=
LSJ+4y5JmmIN3w==
svtsPL5PAtT1ZVBKmNxkR6piSg==
Tqv+1CqslWNp1Z1v4rzl6xM=
nOjWOqSkigqvKn8jr9Bm4g==
5vNHav9pXUs=
51u5hOzjug9E5pl+
BV3fNCavl2Z69CjsSAHGFiPi
Pov+YD5zJgUUinyAxxhVrb6W7saSEVo=
sfvz0cLqvl/Xxg==
MZ0a3y3CnzpW1DsSU01xouShpVtF
ogaE4dJvYFB76MzDJpoQR6piSg==
erilb.com
Targets
-
-
Target
Invoice&shipments documents.exe
-
Size
68KB
-
MD5
851f82e1941a676ce825320ebff94857
-
SHA1
30b9dbf2b97c20401b42188a335897994bce073e
-
SHA256
724856634d2e8796b6f0b6950ebdf98d32679ed73a8a65b995447ecd9098a0dc
-
SHA512
33f78bad1244d8c4859c1ed2f2276d10e821b14485213291cdb8d546415177884e8dfa710cbc48937d62eb8d75716b212c5811e5499a97de9de2a9cca83a408e
-
Xloader payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-