General
-
Target
06e39ab322fda94c231cd51b9f5e60ea
-
Size
692KB
-
Sample
231219-mj867adhc6
-
MD5
06e39ab322fda94c231cd51b9f5e60ea
-
SHA1
8cc59571463811f56006426ee81a0d5b220beaec
-
SHA256
c55b9c07d7796fc4b41095b8bada978ef5995211936a301cfdbd6be4d0c0ec67
-
SHA512
17bc8ac8741e294a03990230e913163555c1a400827db44c95282ed9cf000f04f698537d677af9bcda7d13dee03ff3f7bd2766854074cde3960db946c61cadbe
-
SSDEEP
12288:6az2qMvipacTQEwH0YSMd8c0LNbuiGgNXhLGt9xHg7HvTTxL+CMDE:j3+EwH0YSMR0ZuKNXtQXA7HvnxI4
Static task
static1
Behavioral task
behavioral1
Sample
06e39ab322fda94c231cd51b9f5e60ea.exe
Resource
win7-20231129-en
Malware Config
Extracted
xloader
2.5
gab8
amateurfeetworship.com
big-food.biz
metaversevolution.com
profecional-pacasmayo.com
royzoom.com
bekindevolution.com
hokozaki.com
waltersswholesale.com
wayfinderacu.com
schnurrgallery.com
babygearrentals.net
imggtoken.club
24x7x366.com
lakiernictwo.info
les-cours.com
dwticket.com
onarollshades.com
ramireztradepartners.com
safarparfums.com
6ngie.info
hoedetamni.quest
europeangurl.com
sakhakot.com
franciscoalpizar.com
jsyysn.com
goldberg-lighting.com
symbebidas.online
aucoeurducadeau.com
diamondscaterers.com
surswain.quest
gequper.xyz
roytsb.com
332151.com
hienrenow.com
skullother.com
betnubhelp.com
donerightcleaningnation.info
noukou-tonkotsu.xyz
bulkysofthome.com
yuejiayouhua.com
sevillalimpieza.com
involvefinance.com
obz7mo9amu.com
niftyfashionreward.com
refunddngame.com
norllix.com
vergadercentrumdji.com
1006e.com
boraeresici.com
partnerbebefits.com
hejabbanifatemi.com
bigskypediatrics.com
thefortclub.com
blacksource.xyz
happyklikshop.com
fullamodatoptan.com
pinupcams.info
javnfts.com
duocvietpharmacy.com
babyfloki.tech
cequitycorp.com
frenziedflora.com
5cherries.com
slurcap.com
purodetalle.com
Targets
-
-
Target
06e39ab322fda94c231cd51b9f5e60ea
-
Size
692KB
-
MD5
06e39ab322fda94c231cd51b9f5e60ea
-
SHA1
8cc59571463811f56006426ee81a0d5b220beaec
-
SHA256
c55b9c07d7796fc4b41095b8bada978ef5995211936a301cfdbd6be4d0c0ec67
-
SHA512
17bc8ac8741e294a03990230e913163555c1a400827db44c95282ed9cf000f04f698537d677af9bcda7d13dee03ff3f7bd2766854074cde3960db946c61cadbe
-
SSDEEP
12288:6az2qMvipacTQEwH0YSMd8c0LNbuiGgNXhLGt9xHg7HvTTxL+CMDE:j3+EwH0YSMR0ZuKNXtQXA7HvnxI4
-
Xloader payload
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-