General

Target: Ponuda_67483346_Ofertaz_Q248mm2022.arj
Size: 207KB
Sample: 221005-qdcsksefbn
MD5: f348415daafc989e7381b16beedd8a3f
SHA1: b4dc641f0ff6924f3f2d5533ff3e091cf811ee4f
SHA256: 3c69356d69999b72956a442a63efef53b51b94d281753e228ff1f253768a9e34
SHA512: 8989b52e5c63aa41efbaa6912a72ce015bbe576307ad65ac599655dd88b18d3a25a04f0112e178c1533b4e62993cc905bcfa57c7e1fc867dbb4b4caafb011ac6
SSDEEP: 6144:ND/awktSbjl+/MstN76X+p0UJvDGQ/FsB4UG5LubWKlB//Ap:ND/vk0+/hB6X+p04DGSFsB4UG9IXBHAp
Static task
static1

Behavioral tasks
behavioral1: Ponuda_67483346_Ofertaz_Q248mm2022.rar (resource: win7-20220812-en)
behavioral2: Ponuda_67483346_Ofertaz_Q248mm2022.rar (resource: win10-20220901-en)
behavioral3: Ponuda_67483346_Ofertaz_Q248mm2022.rar (resource: win10v2004-20220812-en)
behavioral4: Ponuda_67483346_Ofertaz_Q248mm2022.exe (resource: win7-20220812-en)
behavioral5: Ponuda_67483346_Ofertaz_Q248mm2022.exe (resource: win10-20220901-en)
Malware Config

Extracted family: xloader
Version: 2.6
Campaign: mt88
Targets

Target: Ponuda_67483346_Ofertaz_Q248mm2022.arj
Size: 207KB
Score: 3/10

Target: Ponuda_67483346_Ofertaz_Q248mm2022.exe
Size: 271KB
MD5: 22a4df7a24943c0e6a133cf2dc835fac
SHA1: 00ca0d802b1412bdef7d6cdcaee1055a8d882999
SHA256: c4e3a75d9d824f56a85a5d57f51d6631447cf4b25e535bf0cfc30f89cb2780f3
SHA512: 6e13d1f6ef8735f6d7790620c18fd64edc582f22d4f47be0f90737d445502797a81ec2fd571226544546242456fb2cd66510dfdddf8d078dde5a70b5a8725e96
SSDEEP: 6144:dNeZT/9uivR9dYpsMNHYw0fRkaeeFJiX2qJozqP:dN6uG/YpX/XEJ02/w
Signatures
- Xloader payload
- Adds policy Run key to start application
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext