General
- Target: a7c3eb18e5e475d5f04f45917b6d4d1b
- Size: 2.3MB
- Sample: 231222-qwv2waadck
- MD5: a7c3eb18e5e475d5f04f45917b6d4d1b
- SHA1: efa6f5509edb789fdc738c43faa44840963e9008
- SHA256: 48cdd3518d024b5cdba568ddd5f01c44eed50267c43cc127043d158fd55fefd6
- SHA512: fb5f0a385746226f5729ddf70c540eef85e2f64730a96c44ba5e7d2de4fcbe168818fd4324346a6f5c398a1519f7951e6c04ba2e461b7c3159f9f0b2e1707c1f
- SSDEEP: 49152:vbOnM0AAjLZlCCRlfVM9QPdxwfE7WlFwKAfzuTiDFUFk:vbOnM8SU9V1PdVQFwKZCFg
Static task
- static1

Behavioral task
- behavioral1
- Sample: a7c3eb18e5e475d5f04f45917b6d4d1b.exe
- Resource: win7-20231129-en

Behavioral task
- behavioral2
- Sample: a7c3eb18e5e475d5f04f45917b6d4d1b.exe
- Resource: win10v2004-20231215-en
Malware Config
Extracted
- Family: xloader
- Version: 2.3
- Campaign: b0ar
- Domains:
fbadformula.com
appdios.com
guyhoquet-immobilier-drancy.com
pokerwiro.com
maxwellhospitaljaipur.com
88n9.com
bennypc.com
corcoranconsult.com
cuidatusaludcuidatucasa.com
motlakfitnes.com
laurahurricanerelief.com
nostacktofullstack.com
privsec-mail.com
andalusaihealth.com
doosanmodelhouse.com
quickbookaccountingpro.com
falconrysouk.com
vnielvmdqxk538.xyz
asshop.space
mhscdnv1.club
artjohntravis.com
theonandpopoinponytail.net
cunerier.com
6972399.com
wineandhike.com
mcinerneychrysler.com
householdtools.net
smartbusinessforums.com
dashrdog.com
startearningaffiliateincome.com
newdimensionbooks.com
jusarbolivia.com
leverdnice.store
lawlessbritain.com
nanotechslaud.com
pdivale-snapshot.net
thepink.club
khoangsannamtriviet.com
cryptocoin.land
lovelymobilemassage.com
surgeryprovider.com
lapaneradelarepublica.cat
algarmotorcars.com
vib-deutschland.com
secure-dwellant.com
sjhexperiences.com
mgd-ip.com
canadiangrogg.com
livingalcohol.com
evantrah.com
seatssaver.com
smdbusiness.com
poweronelectricalllc.com
zzfdsy.com
tuglapanel.com
classicmotorcycle-tokyo.com
getvrtours.com
poolergeorgiahomes.com
benbyrnemedia.com
voltelectricals.com
massive-racing.com
ceaice.com
shopniagara.net
smileglobe.net
poslity.com
Targets
- Target: a7c3eb18e5e475d5f04f45917b6d4d1b
- Size: 2.3MB
- MD5: a7c3eb18e5e475d5f04f45917b6d4d1b
- SHA1: efa6f5509edb789fdc738c43faa44840963e9008
- SHA256: 48cdd3518d024b5cdba568ddd5f01c44eed50267c43cc127043d158fd55fefd6
- SHA512: fb5f0a385746226f5729ddf70c540eef85e2f64730a96c44ba5e7d2de4fcbe168818fd4324346a6f5c398a1519f7951e6c04ba2e461b7c3159f9f0b2e1707c1f
- SSDEEP: 49152:vbOnM0AAjLZlCCRlfVM9QPdxwfE7WlFwKAfzuTiDFUFk:vbOnM8SU9V1PdVQFwKZCFg
- Score: 10/10

Signatures
- Xloader payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext