General
- Target: SecuriteInfo.com.Trojan.DownloaderNET.345.16795.20736.exe
- Size: 235KB
- Sample: 220830-1ea1gsccd4
- MD5: 761e6293c71c28887b2f49ebcf3bc501
- SHA1: f75107f916dbcf1dfa582081096ac49df75248c2
- SHA256: 112c01d48613316c5620071a1d3900e798d7421445b1a5174b2a56c228c5c3c2
- SHA512: e56f8fafe7619484dbd02f1f6f6210ac0c1d501fe39b8b76c62cad7d05685127f7309a994b4e950442db8fe001a00f5373e5e1f2b998b8057da8f6c3d0ae3da7
- SSDEEP: 6144:dF4FRne9XGXFby3fgJJF3OmSOlvr018/pUa5Mc:/4veVGVmYJ/3HF1Ua5Mc
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Trojan.DownloaderNET.345.16795.20736.exe
- Resource: win7-20220812-en
Malware Config
- Extracted: xloader, 2.6, zgtb
Targets
- Target: SecuriteInfo.com.Trojan.DownloaderNET.345.16795.20736.exe
- Size: 235KB
- Xloader payload
- Adds policy Run key to start application
- Adds Run key to start application
- Suspicious use of SetThreadContext