General
Target: ceea6ba30eb014e21b32da74664fc7af
Size: 1.1MB
Sample: 231222-r9353sgef6
MD5: ceea6ba30eb014e21b32da74664fc7af
SHA1: 7544a0be934cd998620080e4b2a662a14a1b842d
SHA256: ca56c60a7bae1f795cc5cdf415fea21d12a70a0ca48be1737f85c7ed9c76d41d
SHA512: 1a6300222f83d0dec0d8835c22e4ddc1e562b179ef7dc5aba288c456c255e4a1d8bd3198167f2f60e9f08a53541275094073a70cc4d3aa9a3bea0f25d7526c16
SSDEEP: 24576:ncYOnMZe/oeLjLZ4A6DRxsc9KWrhgZdGR4:nbOnM0AAjLZlCCRlf
Static task: static1
Behavioral task: behavioral1
Sample: ceea6ba30eb014e21b32da74664fc7af.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: ceea6ba30eb014e21b32da74664fc7af.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted
xloader
2.3
b0ar
Targets
Score: 10/10
- Xloader payload
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext