General
- Target: 5c4dd55a06141f850ddcedb9253ed84c
- Size: 757KB
- Sample: 220308-ww2gjsacc3
- MD5: 5c4dd55a06141f850ddcedb9253ed84c
- SHA1: cf217d41e06f4c35eb00e8ad95bbfcd419a75424
- SHA256: 98c9c20fcffa6fe99c0841a33f4a9283552b9393d958818b9b2b610d5467822e
- SHA512: f74078346a44c1902ff2a4bb53ba3cd7dda8a957d8a7ee7033a1739c48f33df363efce6235195dbb46ef3ec4814922bfc08c53750a0300fe1085f7d4d9e33232
Static task: static1
Behavioral task: behavioral1
- Sample: 5c4dd55a06141f850ddcedb9253ed84c.exe
- Resource: win7-20220223-en
Malware Config
Extracted
- Family: xloader
- Version: 2.5
- Campaign: p2a5
- C2 domains:
  gorillaslovebananas.com
  zonaextasis.com
  digitalpravin.online
  memorialdoors.com
  departmenteindhoven.com
  vipulb.com
  ruyibao365.com
  ynpzz.com
  matthewandjessica.com
  winfrey2024.com
  janetride.com
  arairazur.xyz
  alltheheads.com
  amayawebdesigns.com
  califunder.com
  blacksource.xyz
  farmasi.agency
  ilmkibahar.com
  thinkcentury.net
  eskortclub.com
  trc-clicks.com
  negc-inc.com
  knightfy.com
  rentalsinkendall.com
  semikron1688.com
  755xy.xyz
  primespot-shop.com
  securetravel.group
  luxehairbyjen.com
  augpropertygroup.com
  xinlishiqiaoqiao.xyz
  naggingvmkqmn.online
  pynch2.com
  awarco.net
  booyademy.com
  244.house
  574761.com
  haoshanzhai.com
  dubaiforlife.com
  acidiccatlsd.com
  amotekuntv.com
  runfreeco.com
  iamaka.net
  599-63rdstreet.com
  cakeshares.com
  evengl.com
  joinlever.com
  cyberaised.online
  genrage.com
  walterjliveharder.com
  northbayavs.com
  spajoo.com
  ypkp-com37qq.com
  dautucamlam.com
  installslostp.xyz
  bisbenefits.solutions
  espchange.com
  exteches.com
  utilitytrace.com
  468max.com
  835391.com
  shoptomst.com
  pingerton.online
  avpxshnibd.mobi
  cupboarddi.com
Targets
- Target: 5c4dd55a06141f850ddcedb9253ed84c
  - Size: 757KB
  - MD5: 5c4dd55a06141f850ddcedb9253ed84c
  - SHA1: cf217d41e06f4c35eb00e8ad95bbfcd419a75424
  - SHA256: 98c9c20fcffa6fe99c0841a33f4a9283552b9393d958818b9b2b610d5467822e
  - SHA512: f74078346a44c1902ff2a4bb53ba3cd7dda8a957d8a7ee7033a1739c48f33df363efce6235195dbb46ef3ec4814922bfc08c53750a0300fe1085f7d4d9e33232
- Signatures:
  - Looks for VirtualBox Guest Additions in registry
  - Xloader Payload
  - Executes dropped EXE
  - Looks for VMWare Tools registry key
  - Checks BIOS information in registry
    BIOS information is often read in order to detect sandboxing environments.
  - Adds Run key to start application
  - Maps connected drives based on registry
    Disk information is often read in order to detect sandboxing environments.
  - Suspicious use of SetThreadContext