General
-
Target
f63ca508c3ea24625418ebfff72faa49193fdf16c8f2e2b8b7839eaf2f301200
-
Size
477KB
-
Sample
220131-jk2lyshdf6
-
MD5
24d8977d899a1a4ed4d5b50d1bcfe514
-
SHA1
05dbc5d30a1641b75545bba970686dce16f003bf
-
SHA256
f63ca508c3ea24625418ebfff72faa49193fdf16c8f2e2b8b7839eaf2f301200
-
SHA512
fd70ed4097ef60e2c7892f05ef565b071860c599536d9801286ced07018df15f48db76b4f75e1d3f75b2d607e1facf10487bad50590f055a76a5defe112f8c61
Static task
static1
Behavioral task
behavioral1
Sample
f63ca508c3ea24625418ebfff72faa49193fdf16c8f2e2b8b7839eaf2f301200.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
xloader
2.5
w6ot
Targets
-
-
Target
f63ca508c3ea24625418ebfff72faa49193fdf16c8f2e2b8b7839eaf2f301200
-
Score
10/10
-
Xloader Payload
-
Sets service image path in registry
-
Suspicious use of SetThreadContext
-