General
-
Target
10e55528343098fef510828eea445cddd10d15d04e119ccadc3745c19adc458c
-
Size
384KB
-
Sample
221004-ew6mtsbhfl
-
MD5
a6afd9a11ddb26ea9197b5e6555fd127
-
SHA1
0235b4f30f97002e80903cb123fc31a17c355e5d
-
SHA256
10e55528343098fef510828eea445cddd10d15d04e119ccadc3745c19adc458c
-
SHA512
1e31ea3796cf09e9337eb645489d8de5ef794e5bfeafecb43b1979147eaebe081528d0edee1cf6d1cc8a044c20e2c296204429b5f70b64355ffa90a3046ac1b6
-
SSDEEP
6144:j0YnOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOE:VOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOw
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Order MRQ-5525.exe
Resource
win7-20220812-en
Malware Config
Extracted
xloader
2.6
ygkp
cbdlively.com
1nfo-post.com
janejohnsonlmt.com
autotradecryptoswithjack.com
mustang-international.net
dreamthorp.com
alexandratanner.net
exilings.com
gzjdgjg.com
51minzhu.com
wgv.info
raymondjamesconsult.com
omariblair.com
vaalerahealth.com
outdoorvoiceshop.com
spbo.info
blasiandating.online
c01-cdn48-oxble.xyz
mrmycology.com
installturbooax.com
duoxiyuemy.com
creativeartwithcarol.com
jasonatenphotography.net
hhcstarusa.com
91itaogo.com
itubini.com
trypetinsure.com
koushi3737.com
gujiufz.xyz
nereklam.com
greenlandtours.net
furrycutiepet.com
boredmilady.xyz
thepromenadeboutique.com
antoinevigne.com
affinityassurance.ltd
trmstudiotx.com
ganeshpyropark.com
rivaln.net
loupsychiatry.com
ballenasnegras.store
treylonburksjersey.com
cumannstaire.com
vintagemuseumct.com
reich-consulting.com
emmagabriele.com
form4506-t.net
al-muhamdi.com
ggmaprimarycare.com
q0fagmy6x5ctmxn6vykr.com
nqted.com
rebelsoflove.life
birdiecrafts.site
acrostical.info
usarealshop.com
d908.red
vspashkapolya.store
locksmith---pasadena.com
itooktheorangepill.com
findachristianbusiness.com
authorlanijames.com
cryptoreportfraud.com
idolovetheusa.com
moicapitaine.com
southwestcancer.com
Targets
-
-
Target
Purchase Order MRQ-5525.exe
-
Size
322KB
-
MD5
aac47b26622b7b112abb2cf4545409b4
-
SHA1
a1878da3ea31f946527897a759ffb1c9393fe426
-
SHA256
f46d6d7bf1c9f466498c2a11c9c96fcc594c3490db04e763f81e7552f7ae6764
-
SHA512
ec2eb8dc95fab52b7d5a8419dd4727e185b23e355de17fbbd8c512f84f07ac1822307c76f9239861ce6266f4dc71e568c7246c6321da0d02cce0674c231f3ef9
-
SSDEEP
6144:T0YnOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOy:lOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO3
-
Xloader payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-