General
- Target: ebd95b71b4b54bc4c3b43e09447bf288498b33409e26832db137b105527ba6da
- Size: 464KB
- Sample: 220616-tsrf3aaed8
- MD5: b1179ef278cde5dd4ce5a2d880688581
- SHA1: c611c9e61ac32f9255e906492b56f5987e675151
- SHA256: ebd95b71b4b54bc4c3b43e09447bf288498b33409e26832db137b105527ba6da
- SHA512: dbaec6a95935ac8839beeafbc34bf018a5d16ae9385ed72734aafb70cbd2e78d9ecb7a5242ad9aa4655bfa0705d7c5c7308378d630b5631090b9dbf7c35a8b09
Static task: static1
Malware Config
Extracted
xloader
2.6
tpix
jsbbfp2p.com
bioindonbest.com
shjgswkj.com
melaninexperience.com
businessbancomat.com
kaatsu-chiro-studio.com
simplybans.com
ncdm.xyz
assistedlivingabuse.com
stacykinglc.com
oklahomahomesbytamara.net
magneticcompany.com
forwardinchristmagazine.com
tomasarkar.com
atterwet.xyz
day70.com
charlysstore.com
homestartuganda.com
alternative-nursing.com
novamateria-vida.xyz
do-cafe.com
stocklax.com
sdracius.com
bloktopiaweb.com
angelsconsulting.info
raretipsandtricks.xyz
fullvaluetech.com
theheartoftouch.com
grindset.coffee
superandohoje.site
fishmichiganwithted.com
xthomas.cloud
ifilehippo.com
advanceddentalprosthetics.com
planaria-mf6.com
lexus-specials.com
796glenwood.info
hsbc-valid.com
polyanthaksa.com
mergecrystal.com
reelfishinchartersalabama.com
yachterpremium.com
slrzx.com
wohh.net
pactodamediocridade.com
totomirror.com
thelkit.com
franklinmerritt.com
overbroaden.com
willamak.com
monkei-poki.xyz
unidljkt.com
correaconsultant.com
rannsinghsandhu.com
manutencao.xyz
integratrucking.com
andrew-fan.com
cannongoldbk.com
bonusfeaturepodcast.com
digitalguestpost.com
rasones.com
chahal.club
luxlbp.com
sometimeshurray.com
adcompendium.com
Targets
- Target: ebd95b71b4b54bc4c3b43e09447bf288498b33409e26832db137b105527ba6da
- Size: 464KB
- MD5: b1179ef278cde5dd4ce5a2d880688581
- SHA1: c611c9e61ac32f9255e906492b56f5987e675151
- SHA256: ebd95b71b4b54bc4c3b43e09447bf288498b33409e26832db137b105527ba6da
- SHA512: dbaec6a95935ac8839beeafbc34bf018a5d16ae9385ed72734aafb70cbd2e78d9ecb7a5242ad9aa4655bfa0705d7c5c7308378d630b5631090b9dbf7c35a8b09
- Looks for VirtualBox Guest Additions in registry
- Xloader Payload
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext