General
Target: ba80a5efff5dcb59efb1cd4fd12ac508b6e1fb9774d119893fb721b2d1d8f8cb
Size: 2.4MB
Sample: 230129-ycl9mabb57
MD5: 402094b5077f7c94530f78882e1a9def
SHA1: d0d7ac67bba3022b3649d8766402a3f67d84e688
SHA256: ba80a5efff5dcb59efb1cd4fd12ac508b6e1fb9774d119893fb721b2d1d8f8cb
SHA512: 7a0204b584706c44edfb031f7713b5589ffa0d4c681355a287920e7758c0b1cfdad2ba7abfaa6f7b928aa7193f04564a6818b9052535ba53ee25076f42ca3075
SSDEEP: 49152:RqoZ0ajbQzlK5O+l4QOnn8jeX+l8uvlhfNf5lWLPNyeL9+hw/USGy7Xk/51HwgGF:5X0zli6u4985m0sQ1a7
Static task: static1
Behavioral task: behavioral1
Sample: ba80a5efff5dcb59efb1cd4fd12ac508b6e1fb9774d119893fb721b2d1d8f8cb.exe
Resource: win7-20220812-en
Malware Config
Extracted
Family: xloader
Version: 2.3
Campaign: ivay
Domains:
b4ukid.com
missioncontrol2030.com
chriswhitefoto.com
guepard-marine.com
getlauded.com
jingdonglm.com
clintlove.com
boldstrategicmedia.com
bluebay3dwdmall.com
aishag.com
forexexpoaward.com
basslakedisposal.com
bukannyaterbuai36.com
learntrhc.com
cancunpolo.com
case-cornershop.com
tahiticomplementos.com
dashanzhf.com
wholeholistichealth.com
inass-yassin.com
citestiprb151at29.com
kazancsere.net
ittakesavillagekitchen.info
jkmibszou.icu
lindamaearmstrong.com
chaithanyaonline.com
blowdryingcontest.com
nail-junkie.com
wokinbarbecue.com
thefreemusic.net
digitaldynasti.com
unclonedstream.com
utensilgranchi.com
meszur.com
stevebucci.com
acresvisionent.com
knit1eat1.com
highendsmokeshop.com
pearyazilim.com
andcarryon.com
nailzcrafted.com
homekitchenid.com
pingds.info
connectionsitsolutions.com
tradesfortomorrow.com
roadofcherrytrees.com
roeromeccanica.com
rzpte.com
royaibanks.com
freshwaterflower.com
livr.chat
findandnews.com
cpnpproductions.com
jacknow123.com
kaywoodward.com
houseofvortex.com
goodfood.directory
bosolia.com
caragross.com
racevx.xyz
americanshieldhome.com
drexelflux.com
gxwl1688.com
hurrytrip.com
digitalneeds.tech
Targets
Target: ba80a5efff5dcb59efb1cd4fd12ac508b6e1fb9774d119893fb721b2d1d8f8cb
Size: 2.4MB
MD5: 402094b5077f7c94530f78882e1a9def
SHA1: d0d7ac67bba3022b3649d8766402a3f67d84e688
SHA256: ba80a5efff5dcb59efb1cd4fd12ac508b6e1fb9774d119893fb721b2d1d8f8cb
SHA512: 7a0204b584706c44edfb031f7713b5589ffa0d4c681355a287920e7758c0b1cfdad2ba7abfaa6f7b928aa7193f04564a6818b9052535ba53ee25076f42ca3075
SSDEEP: 49152:RqoZ0ajbQzlK5O+l4QOnn8jeX+l8uvlhfNf5lWLPNyeL9+hw/USGy7Xk/51HwgGF:5X0zli6u4985m0sQ1a7
Signatures:
- Beds Protector Packer: Detects Beds Protector packer used to load .NET malware.
- Xloader payload
- Suspicious use of SetThreadContext