General
-
Target
5ed6b87afc6eddea0e7275496364bb9cc2b0246f7fe36069a69cdf50b6823097
-
Size
556KB
-
Sample
221130-p1zp7aed6y
-
MD5
e866034515b719467290d53f5919d599
-
SHA1
8cab0abfaaa087630930df86c8e25d5c9123dc75
-
SHA256
5ed6b87afc6eddea0e7275496364bb9cc2b0246f7fe36069a69cdf50b6823097
-
SHA512
a2601cfe472869b73fcec91aa03263ad74e49f2862d5dd22256376acf5002102c4f197a74116ebdafdd95744bf3c57a436c6a2e1850cf85351c3a9aafa48319d
-
SSDEEP
6144:Kd5DMAYloj1/L8YEAQwgG5hUQf+a/07WbvW17ZdhG3uK1gSySxfcph:Kd5DMAzjN4YEAFdmaM6UjhCu+gSeph
Static task
static1
Behavioral task
behavioral1
Sample
5ed6b87afc6eddea0e7275496364bb9cc2b0246f7fe36069a69cdf50b6823097.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
5ed6b87afc6eddea0e7275496364bb9cc2b0246f7fe36069a69cdf50b6823097.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
xloader
2.3
h3qo
dhflow.com
jyindex.com
ezcleanhandle.com
trungtamcongdong.online
simsprotectionagency.com
easylivemeet.com
blackvikingfashionhouse.com
52banxue.com
girlsinit.com
drhemo.com
freethefarmers.com
velvetrosephotography.com
geometricbotaniclas.com
skyandspirit.com
deltacomunicacao.com
mucademy.com
jaboilfieldsolutions.net
howtowinatblackjacknow.com
anytimegrowth.com
simranluthra.com
thefinleyshow.com
basalmeals.com
esurpluss.com
hrbjczsfs.com
tourphuquocnguyenhien.com
mxprographics.com
themetaphysicalmaster.net
directorystar.asia
thehomeofdiamonds.com
riqinxin.com
covicio.com
sciineurope.com
womensportclothes.com
celestialchimes.net
lotsmen.com
hi-rescloud.net
lewisnathaniel.com
ageonward.com
eyetownglasses.com
bingent.info
matildealvaradovera.com
otorrinonews.com
cdeg898.com
lexingtoncoorgresort.com
minidachshundpups.com
tools365-shop.com
romancingtheeras.com
residentmining.com
aquaflowsprinklers.com
crackapks.com
caffeinatedeverafter.com
sureyyapasa.net
strawberryhearts.com
ptgo.net
devyshkam.com
thethrottletherapy.com
givelyrics.com
signaturepsinc.com
mersinsudunyasi.com
fivedayskitchen.com
fefebeauty.com
long0001.com
hmm40.com
claracarbon.com
elevatedenterprizes.com
Targets
-
-
Target
5ed6b87afc6eddea0e7275496364bb9cc2b0246f7fe36069a69cdf50b6823097
-
Size
556KB
-
MD5
e866034515b719467290d53f5919d599
-
SHA1
8cab0abfaaa087630930df86c8e25d5c9123dc75
-
SHA256
5ed6b87afc6eddea0e7275496364bb9cc2b0246f7fe36069a69cdf50b6823097
-
SHA512
a2601cfe472869b73fcec91aa03263ad74e49f2862d5dd22256376acf5002102c4f197a74116ebdafdd95744bf3c57a436c6a2e1850cf85351c3a9aafa48319d
-
SSDEEP
6144:Kd5DMAYloj1/L8YEAQwgG5hUQf+a/07WbvW17ZdhG3uK1gSySxfcph:Kd5DMAzjN4YEAFdmaM6UjhCu+gSeph
-
Xloader payload
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-