General
Target: a2cebc4a1dc8989cbec53ac348866b59
Size: 500KB
Sample: 231222-qps9psbcb7
MD5: a2cebc4a1dc8989cbec53ac348866b59
SHA1: 93cc571ea09625a12c7da7b6ef47a09fd65e77d7
SHA256: 92b63a5285922768116dcbfffaf17b9f181b7a9e9aebccb57f6ec6aa58e7442e
SHA512: 992d2eff05751e24ba1add7f808c0b55056a83efdc37a626742c0c131f9fb6872a4ec4f80bd5d404c8bf19357ae4d54b5014dc0cfabf75d373f4af6057709f25
SSDEEP: 12288:Ca51ILoLUY4XY/lT2uZA2PiALOSU4x7Rfm+UF3:Ca5Z4ulT2uNPii3DR8
Static task: static1
Behavioral task: behavioral1
Sample: a2cebc4a1dc8989cbec53ac348866b59.exe
Resource: win7-20231215-en
Malware Config
Extracted
xloader
2.3
u6f4
Targets
- Detect ZGRat V1
- Xloader payload
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext