General
Target: 661eda3234e1b3b497701920414c03108188d4e4cadc8a3de7dbda17753c9e09
Size: 918KB
Sample: 221125-say8hsab3w
MD5: 4ad9a15626677976b84e54ea4dde0420
SHA1: 07c460596177a5c2ef06e16a38658112348a5c79
SHA256: 661eda3234e1b3b497701920414c03108188d4e4cadc8a3de7dbda17753c9e09
SHA512: 05528822e2cce1707973d0bcdb661ec677e9991433eef23238d0ae4030909ed8318da1f9e4812d8369d14a71b227f8d62412c95e429ab3fede416816cfb2ac21
SSDEEP: 12288:h2/pKmJAagHvRnAmqgc/SdORHmV1ujAcV0szEZbnRQuNbNhPDDSXG:h2/pL+RvCT/SoRHmKgszEZNZH4G
Static task: static1
Behavioral task: behavioral1
Sample: doc001876543456781987651000_pdf .exe
Resource: win7-20221111-en
Malware Config
Extracted
xloader
2.6
b6qc
etofood.com
bigtimberroofingnc.com
jacque.doctor
9588uy.site
nosceremonies-lefilm.com
xposetattoosjaipur.com
universalwebbinq.com
klthealthfrancesarl.com
tinyhome.deals
neroivr.com
floridaappeals.net
vladartsmith.com
chatbothealthcare.com
akutansi.online
appointmentcart.com
vertue.xyz
healthplanslakeland.com
es-verification.biz
thatsod.com
521ini.xyz
tarjeteala.store
qamst.com
solutionard.com
ru-xvideos.mobi
resco-pe.com
betmonde581.com
mortgagethru.com
agrimin.store
cateringwarszawa.online
ip-art-gallery.com
rajfillters.com
biwbuyingnow.website
farmdogcanada.com
sdsgmsqnlxs.com
fa1028.xyz
flyvr.xyz
e-lovac.com
creambuyonline.com
payment-travel.com
qfort.xyz
blueskycr.com
plasterprostucco.com
frontflipmarketing.com
jsq2.com
billsweb.site
huafeishiye217.com
pegtarazimod.info
emergencytowingoakforest.com
ptzcnq.com
cd-packaging-solutions.com
faqelectronics.website
xynf03.com
quititamorn.com
nownon.com
dachik.com
hendrecords.com
ready4charging.com
warnor.world
www6658yy.com
scentedejuice.com
goonerfodder.com
outcastclass.com
esmicasasv.com
peopleshous.com
cloudinfra-demo1.net
Targets
Target: doc001876543456781987651000_pdf .exe
Size: 857KB
MD5: 862a815ffdf58d6c2ae62a2948658e74
SHA1: df09b761005eba5e45cc3c1503cf2761077d4c49
SHA256: c40018a8c58d463f829a97d5c5280c2b5292573cbd321f042e7225db4bff6d95
SHA512: 95a79ac52b0b36b4232fdd7a49dca9dfd1be0ae5bc9ae98020e4150e8c8d5859103cf8a7d07773f86ee1841939817022071f46e7893c09826ff204ceab690099
SSDEEP: 12288:L2/pKmJAagHvRnAmqgc/SdORHmV1ujAcV0szEZbnRQuNbNhPDDSXG:L2/pL+RvCT/SoRHmKgszEZNZH4G
- Xloader payload
- Adds policy Run key to start application
- Deletes itself
- Adds Run key to start application
- Suspicious use of SetThreadContext