General
Target: 2510a64e022d6fa641f39da3bf2fc4d74cd00fb50b6bf0a77ab559c0af51245b
Size: 206KB
Sample: 230129-xv81nsad82
MD5: bdf87b4a29e49c1600fe706db9e8cb32
SHA1: b43ee84e788f95271f5605368b4e3889313ad92b
SHA256: 2510a64e022d6fa641f39da3bf2fc4d74cd00fb50b6bf0a77ab559c0af51245b
SHA512: bfb44e54994d58110b61e5a63ca9f67acfb01e165dff5892676318504d3a894d4d723b04bb1fd8e2e9550d4ca415ad5affd707528b5b1d694669a0b6edf3c1f6
SSDEEP: 6144:59X0GphY2H0ThHcKuhcC5KCPizFV3hWO/+r4lxajH2Qqsn:/0AT0TwcK/ZScjWe
Static task: static1
Behavioral task: behavioral1
Sample: 2510a64e022d6fa641f39da3bf2fc4d74cd00fb50b6bf0a77ab559c0af51245b.exe
Resource: win7-20221111-en

Malware Config
Extracted family: xloader
Version: 2.3
Campaign ID: jzvu
Domains:
rezabird.com
amthebomb.com
cqfsc.net
scottgesslerdesign.com
australianhempco.com
digitalkn.com
theoneandonlytattoostudio.com
chaing-list.xyz
technicaljanu.com
tigerkid.net
mels.ink
adassadelacruz.com
deep-freezers.xyz
kundanbangles.com
88840678.com
xiaonaphotography.online
john-heer-stuttgart.com
gumrukihalesi.com
veekasdoshi.com
purathanam.com
thekeycrewshop.com
spinningx.com
icommercehotel.com
ketodietforall.com
vanmarina.com
premierenterpriserealty.com
standingrockcellars.com
cnhongzu.com
yewanfuli.com
kurdishtranslate.com
fionafrenchic.com
reachstudiokenya.com
neutrem.com
continentalhrservices.com
xyfs360.com
phone-avail27.club
funkyoufridays.net
paypalticket5396170.info
intlbazar.com
theflesolay.com
maquinagsmlb.net
treasureislandhunt.com
mehmederdas.com
hayalimofen.net
suspicy.com
beaufortgardenparty.com
sunkistplumbing.com
6116merrittdrive.com
ezbuydomain.com
maxicreamheladeriafruteria.com
butikfitrah.com
texasairwaydentist.net
hayatbirliktekolay.com
disinfectmylawofficeindy.com
hippopotames-consultants.com
sonicrings.net
itsukayamamura.com
shfhm.com
xiaoshuxiongvip.com
g-stone.art
hinjt-niyp.xyz
amarisworstell.com
theneverendingbedtimestory.com
vestnets.net
fountainhead410.com
Targets
Target: 2510a64e022d6fa641f39da3bf2fc4d74cd00fb50b6bf0a77ab559c0af51245b
Size: 206KB
MD5: bdf87b4a29e49c1600fe706db9e8cb32
SHA1: b43ee84e788f95271f5605368b4e3889313ad92b
SHA256: 2510a64e022d6fa641f39da3bf2fc4d74cd00fb50b6bf0a77ab559c0af51245b
SHA512: bfb44e54994d58110b61e5a63ca9f67acfb01e165dff5892676318504d3a894d4d723b04bb1fd8e2e9550d4ca415ad5affd707528b5b1d694669a0b6edf3c1f6
SSDEEP: 6144:59X0GphY2H0ThHcKuhcC5KCPizFV3hWO/+r4lxajH2Qqsn:/0AT0TwcK/ZScjWe
Signatures:
Xloader payload
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext