General
- Target: cf22f276250ff13f33a16fc28c9dec0ad71fda682edaa2db20852fae1e81e7af
- Size: 205KB
- Sample: 230129-xvq5vsbg9v
- MD5: 975ea043e07e5b18a36acd47e528fd80
- SHA1: 54ce166f50524e9412ddaa41c2332e78de00734e
- SHA256: cf22f276250ff13f33a16fc28c9dec0ad71fda682edaa2db20852fae1e81e7af
- SHA512: 7bf4b9f440d582faf803a00383c1748029c1b93964524bfe159264405eac6b6eb957398e5c1c225731fad7509b7a4108803838cfcd9d05a6d04a4b5ad7885c40
- SSDEEP: 6144:r9X0GfUigNb+mlj97SCZs5UkfXbiClgjW3rac0:F0qsbBH70Uk/b5CjWv0
- Static task: static1
- Behavioral task: behavioral1
- Sample: cf22f276250ff13f33a16fc28c9dec0ad71fda682edaa2db20852fae1e81e7af.exe
- Resource: win7-20220812-en
Malware Config
- Extracted: xloader (version 2.3, campaign id xgxp)
sin7799.com
konkondwa.com
fixmylot.com
redbirdscottsdale.com
cotcoservices.com
jonwcvxw.com
scotthaeberletriathlon.com
bob816.com
pinukimgood.life
ambitiondurable-ce.com
jioholdingscorp.com
thisisadreamright.com
asaptebal.xyz
sloanehealth.com
huugmooren.com
birdsbarber.supply
albeider.com
theperfectcolour.com
alibabulilmhouston.com
chaing-list.xyz
furrytail.pet
halloweenmaskdealz.com
tagaschool.com
y2kpigeonclub.net
fadedplastic.com
balconyrepairlosangeles.com
eternalgrove.com
thebarbersparadise.com
viverobonsaimx.com
5996399.com
partes-online.com
petunia.digital
permayogi.com
nextingly.com
pricescloud.com
dj-xhsl.com
hdtvallonline.xyz
pinballphotography.com
tourvirtualonline.com
brownhydrogen.com
betsforfree.com
proprietory.com
neidcard.com
dadi2023.xyz
embedded4all.com
biomedms.com
knucklescrubbersoap.com
francenethomas.net
lokalondon.com
charlestonpest.com
kspublishing.media
customordersbyjyl.com
thewebcam.show
kraso.services
kaffeeatlas.com
gavinpropertymanagement.com
esthetic-cocoro.com
hnezx.com
scoutlo.com
humaproyectos.com
bioinfonet.com
freenetflixaccounts.com
rxdrugrehab.com
gajabcreature.com
eleriwyn.com
Targets
- Target: cf22f276250ff13f33a16fc28c9dec0ad71fda682edaa2db20852fae1e81e7af
- Size: 205KB
- MD5: 975ea043e07e5b18a36acd47e528fd80
- SHA1: 54ce166f50524e9412ddaa41c2332e78de00734e
- SHA256: cf22f276250ff13f33a16fc28c9dec0ad71fda682edaa2db20852fae1e81e7af
- SHA512: 7bf4b9f440d582faf803a00383c1748029c1b93964524bfe159264405eac6b6eb957398e5c1c225731fad7509b7a4108803838cfcd9d05a6d04a4b5ad7885c40
- SSDEEP: 6144:r9X0GfUigNb+mlj97SCZs5UkfXbiClgjW3rac0:F0qsbBH70Uk/b5CjWv0
- Xloader payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext