General
-
Target
MSA, a.s., Hlucinska 641, 747 22 Dolni Benesov, Casablanca.7z
-
Size
1KB
-
Sample
220831-sfbpeahfe7
-
MD5
9fc6fac1d4bee7b5430c2f7d7fce3d4c
-
SHA1
940da96a5f1d4f21b829320993338fb76dd5b8e5
-
SHA256
c81a5fc98250b0d1653613e27ea03196ac6872630164d5036405e4abc1e77166
-
SHA512
695097632b9792bf3de29a3f0b1610ec6cb20d00c5d820233577a215974dc6e64f9f0d6344b4bd1aea58a25a3fa3f53f775a9201471adeb230b42bf1a2ff6ebb
Static task
static1
Behavioral task
behavioral1
Sample
MSA, a.s., Hlucinska 641, 747 22 Dolni Benesov, Casablanca.7z
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
MSA, a.s., Hlucinska 641, 747 22 Dolni Benesov, Casablanca.7z
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
MSA, a.s., Hlucinska 641, 747 22 Dolni Benesov, Casablanca.js
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
MSA, a.s., Hlucinska 641, 747 22 Dolni Benesov, Casablanca.js
Resource
win10v2004-20220812-en
Malware Config
Extracted
xloader
2.6
zgtb
Targets
-
-
Target
MSA, a.s., Hlucinska 641, 747 22 Dolni Benesov, Casablanca.7z
Score 3/10
-
-
Target
MSA, a.s., Hlucinska 641, 747 22 Dolni Benesov, Casablanca.js
-
Size
4KB
-
MD5
f8a0d1103f19d54f1f7cc98395c5a6e4
-
SHA1
0ec2b47c921a47dfd07d49c5cb4287fc716242a7
-
SHA256
264d299a0fe5adfa13d59156d2c5c39a6646ee96bfa61cbc4a7ef1c7cdd5d44c
-
SHA512
a662f39e395b57193e9c29c23bba261c20e1452a58f24d0312ac6a0511146f9319423b8bb9ff0ac3e73cd49f399fd9edc410c1fe601e5bcb81152ad6a2b4fb46
-
SSDEEP
96:0J9GQhDmAddiwMrgrQR0jMRzpD2z4asg4z4aZn2ne1kK3UC/T9GQXihBJvXogXby:0DGQhxniwMrgrQR0jMRzpD2z4asg4z46
Xloader payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Deletes itself
Drops startup file
Suspicious use of SetThreadContext