General
Target: 0.exe
Size: 163KB
Sample: 230120-wttc6ahb79
MD5: a4a9a8d2a7bfdcc21c51a2b2015e6de9
SHA1: 5ce069dd1c3bc14adbf6629d30350999f42dd6ab
SHA256: 223430a82147cb3fdb9c50c0f133c766c42a24ac655406dd908d198a8334dcda
SHA512: 86ebdabf102aafb0a4ca5be2446bc6a533e595856f47ff50ac2fe7f71d045576cd684c7a42870bae4f8c65f2f8262fa828058bab51c94f6b8cc7ad92153266aa
SSDEEP: 3072:38JCSpCjqSQeAdXZGMy0evnZqQso21HZWgO9b75Gz63WPA0rA:3tC0gIMHSZqQso2qgO9btG+3W40
Behavioral task: behavioral1
Sample: 0.exe
Resource: win7-20221111-en

Malware Config
Extracted: xloader, 2.5, 2bun
Targets
Target: 0.exe
Size: 163KB
- Xloader payload
- Deletes itself
- Suspicious use of SetThreadContext