General
- Target: a3afb654fc55cffc4f26fd27a7f7109de5edc5401d2c6b03241358ea69dbfcda
- Size: 449KB
- Sample: 230130-cnkpaaeh8t
- MD5: d97fa5d09cd14d1f1bf3a9733d1fcb33
- SHA1: fe3d711a4c093615c66514eb750aefc69af7b88a
- SHA256: a3afb654fc55cffc4f26fd27a7f7109de5edc5401d2c6b03241358ea69dbfcda
- SHA512: 576ceb2a764614c6646020e9a625af6fa99a54e4402ee1d3b788ff286a1ee223709f01da150f0e6faf388236e6a46826e03792abb764d56142aa0c93f2a1baab
- SSDEEP: 6144:GUY3nV8jvJaWR2+LNqvbcQ4je0b3wO92HxNcqNaAFcRBWafsBIco8W7bEopRzqbA:zYFmKH908W2HzazRBWBBo8EJfqiJRp3t
Static task: static1
Behavioral task: behavioral1
- Sample: shipping document.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: shipping document.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted
xloader
2.6
pdrq
welchsunstar.com
mppservicesllc.com
wiresofteflon.com
brabov.xyz
compnonoch.site
yourbuilderworks.com
iamsamirahman.com
eriqoes.com
eastudio.design
skyearth-est.com
teethfitness.com
razaancreates.com
shfbfs.com
joyfulbrokekids.com
kjbolden.com
howirep.com
deedeesmainecoons.website
e-powair.com
aheatea.com
shalfey0009.xyz
designcolor.style
netflixpaymentpending.ca
bothoitrang3.site
motondiarts.com
staynmocean.com
miamivideoshows.com
berendsit.com
yndzjs.com
yiwenhome.xyz
royaldeals.net
clearvison-ts.com
peluqueriasusanagalan.com
thelittlewellnessstudio.com
gurulotaska.com
smgsj.com
followpanelbd.com
prinirwedding.com
3559.fyi
amcvips.com
bigroof.top
chipbio-zt.com
candelasluxuryretreat.com
jboycephotography.com
affiliateindex.xyz
grannysseasonings.com
lcl-inc-test.com
beadallcreations.jewelry
yzzhome.top
tobe-science.com
cincinnaticustomrenovation.com
survaicommercial.xyz
businessdirectorymania.com
phqworld.com
miamigocars.com
labfour.systems
gregoryzeitler.com
dj-mary.com
one1-day.com
vegfiber.com
sfbayraw.net
xn--bndarsloto-s4a.com
felipesb.com
108580.com
1swj06mjrowgi.xyz
koalaglen.com
Targets
- Target: shipping document.exe
- Size: 602KB
- MD5: 581f035ad9efea243aa84cb9e0a3b912
- SHA1: 889d1a7422af067f740cb9bac339ee55847b1287
- SHA256: c9b8eec86e68c49ea7d93474b09385745892b0335dff80fd2a15ff682223a39c
- SHA512: 466abdadc936eefdf33e418a04696d6f17f5533d37de29e7b51e5fe66fef6f3eb93fb7a7fff2197c220d50b10af4c44194d54460a4090e52f46d1e820ea3463c
- SSDEEP: 12288:Zeb81BafvIK2iNq2iNq2iNq2iNGDak+UVmU7uTyotkJiHD5SS60Vw:iVf51I1I1I12/ZuTdtkJ85SD
- Looks for VirtualBox Guest Additions in registry
- Xloader payload
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext