General
- Target: 5d232981a9fef116e719432313b6493302a3a0fa80a2607616a9ef0de164ebe3
- Size: 980KB
- Sample: 230129-y4xjnsbh84
- MD5: fb5e1ac4bcbaa69a5c5824113dcc6579
- SHA1: 517257fa761e38fc5a2fcb28b89ed5a64ebceb30
- SHA256: 5d232981a9fef116e719432313b6493302a3a0fa80a2607616a9ef0de164ebe3
- SHA512: 715886a53a794ce02911a14acb15b2383b82583675b9e8b65d140ebc64bbdf68d511073f4c40c7b954495d6aac9af4f269e43e5aa17305845402e30fdd8353da
- SSDEEP: 12288:ec8dySCiSdWunLEQiydW+PWk7iWriyfpbkukWO8Jxde5+Jg0k12HbpGgtVP2lpMR:e1bQyv12Hbk3lpqCwLv/Oh+jWo
Static task: static1
Behavioral task: behavioral1
- Sample: 5d232981a9fef116e719432313b6493302a3a0fa80a2607616a9ef0de164ebe3.exe
- Resource: win7-20221111-en
Malware Config
- Extracted: xloader 2.3 (tub0)
Targets
- Looks for VirtualBox Guest Additions in registry
- Xloader payload
- Looks for VMware Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext