General
Target: 2e29d2fbc9f39750bca375f2d16fd025
Size: 1.1MB
Sample: 231221-31f5qsfch8
MD5: 2e29d2fbc9f39750bca375f2d16fd025
SHA1: 202c0f0a3c36e44d23ccbc9263b0713eec2938fe
SHA256: c3b1c85c689dac9728d945c6584351c77e168321e8914bd90254dcc00c4993ea
SHA512: 9612335316aa6dcb8f3d7b4a2fa0098ab1dcfb53f3f716120bbe0a28cd158a2f35f2e955c2649a7a97a77bc56e15c926092e8c18ca278d64ab9ab2d758f4903b
SSDEEP: 24576:ncYOnMZe/oeLjLZ4A6DRxsc9KWrhgZdGR4:nbOnM0AAjLZlCCRlf
Static task: static1
Behavioral task: behavioral1
  Sample: 2e29d2fbc9f39750bca375f2d16fd025.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 2e29d2fbc9f39750bca375f2d16fd025.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted
Family: xloader
Version: 2.3
Campaign: b0ar
Domains (Xloader configs embed a list in which only one entry is the live C2 and the rest are decoys, so treat these as candidate C2 rather than confirmed C2 until traffic is observed):
fbadformula.com
appdios.com
guyhoquet-immobilier-drancy.com
pokerwiro.com
maxwellhospitaljaipur.com
88n9.com
bennypc.com
corcoranconsult.com
cuidatusaludcuidatucasa.com
motlakfitnes.com
laurahurricanerelief.com
nostacktofullstack.com
privsec-mail.com
andalusaihealth.com
doosanmodelhouse.com
quickbookaccountingpro.com
falconrysouk.com
vnielvmdqxk538.xyz
asshop.space
mhscdnv1.club
artjohntravis.com
theonandpopoinponytail.net
cunerier.com
6972399.com
wineandhike.com
mcinerneychrysler.com
householdtools.net
smartbusinessforums.com
dashrdog.com
startearningaffiliateincome.com
newdimensionbooks.com
jusarbolivia.com
leverdnice.store
lawlessbritain.com
nanotechslaud.com
pdivale-snapshot.net
thepink.club
khoangsannamtriviet.com
cryptocoin.land
lovelymobilemassage.com
surgeryprovider.com
lapaneradelarepublica.cat
algarmotorcars.com
vib-deutschland.com
secure-dwellant.com
sjhexperiences.com
mgd-ip.com
canadiangrogg.com
livingalcohol.com
evantrah.com
seatssaver.com
smdbusiness.com
poweronelectricalllc.com
zzfdsy.com
tuglapanel.com
classicmotorcycle-tokyo.com
getvrtours.com
poolergeorgiahomes.com
benbyrnemedia.com
voltelectricals.com
massive-racing.com
ceaice.com
shopniagara.net
smileglobe.net
poslity.com
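As an added example (not part of the sandbox report or of any tool it references), the script below turns a key: value excerpt of this report into a structured IOC set: it checks that each digest has the length and alphabet its algorithm requires (so a truncated or mangled hash never reaches a blocklist), checks the ssdeep layout, and emits the domains deduplicated and defanged. The embedded excerpt is constructed here; the hashes are the ones on this page and the domain list is shortened.

```python
import re

# Constructed excerpt in the same key: value layout as the report above; digests are the
# real ones from this page, the domain list is cut down to keep the sample short.
REPORT = """\
MD5: 2e29d2fbc9f39750bca375f2d16fd025
SHA1: 202c0f0a3c36e44d23ccbc9263b0713eec2938fe
SHA256: c3b1c85c689dac9728d945c6584351c77e168321e8914bd90254dcc00c4993ea
SSDEEP: 24576:ncYOnMZe/oeLjLZ4A6DRxsc9KWrhgZdGR4:nbOnM0AAjLZlCCRlf
Family: xloader
Version: 2.3
Campaign: b0ar
Domains:
fbadformula.com
appdios.com
vnielvmdqxk538.xyz
asshop.space
thepink.club
"""

# Hex digest lengths per algorithm; anything else is truncated or mangled.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HEX_RE = re.compile(r"^[0-9a-f]+$")
# ssdeep is blocksize:chunk:double-chunk with a base64 alphabet in the chunks.
SSDEEP_RE = re.compile(r"^(\d+):([A-Za-z0-9+/]+):([A-Za-z0-9+/]*)$")
# Plain hostname check: dotted labels, alphanumeric TLD, overall length limit.
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$")


def parse_report(text):
    """Parse the key: value excerpt; every line after 'Domains:' is a domain."""
    report = {"hashes": {}, "domains": []}
    in_domains = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if in_domains:
            report["domains"].append(line.lower())
            continue
        # partition on the first colon only, so the ssdeep value keeps its own colons
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "Domains":
            in_domains = True
        elif key in HASH_LENGTHS:
            report["hashes"][key] = value.lower()
        elif key == "SSDEEP":
            report["hashes"][key] = value
        else:
            report[key.lower()] = value
    return report


def validate_hashes(hashes):
    """Return {algorithm: ok}; a digest of the wrong length or alphabet is rejected."""
    result = {}
    for name, value in hashes.items():
        if name == "SSDEEP":
            m = SSDEEP_RE.match(value)
            result[name] = bool(m) and int(m.group(1)) >= 3  # 3 is ssdeep's minimum blocksize
        else:
            result[name] = len(value) == HASH_LENGTHS[name] and bool(HEX_RE.match(value))
    return result


def defang(domain):
    """Render a domain so it cannot be clicked or auto-linked in a report."""
    return domain.replace(".", "[.]")


def to_iocs(report):
    """Flatten to (type, value) pairs: valid digests, then deduplicated defanged domains."""
    iocs = [(name, value) for name, value in report["hashes"].items()
            if validate_hashes({name: value})[name]]
    seen = set()
    for d in report["domains"]:
        if DOMAIN_RE.match(d) and d not in seen:
            seen.add(d)
            iocs.append(("domain", defang(d)))
    return iocs


if __name__ == "__main__":
    parsed = parse_report(REPORT)
    print(parsed["family"], parsed["version"], parsed["campaign"])
    for kind, value in to_iocs(parsed):
        print(f"{kind}\t{value}")
```

The domains are emitted as a flat list on purpose: which of them is the live C2 is not something the static config tells you, so the output is meant for watchlists and retro-hunting rather than for an automatic block rule.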
Targets
Target: 2e29d2fbc9f39750bca375f2d16fd025 (1.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Score: 10/10
- Xloader payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Adds Run key to start application (persistence via a Run registry key)
- Suspicious use of SetThreadContext (an API commonly used in process injection, e.g. process hollowing)