General
Target: c4033910eaa4944d2c84b15fb964cda9
Size: 474KB
Sample: 231222-rt8qmadce3
MD5: c4033910eaa4944d2c84b15fb964cda9
SHA1: 638909d6c893b58b57e3ce61eaa650628dd42b08
SHA256: d8bbf0c15a39bb1dd36c71177d2e8c5a05b0531bd91c03800b8503dc23f662c7
SHA512: 2dd0d33d5385af8f247a308b7adf71144881a34bed6177748b1b101c61fe39ccc63425f8a2efb4beeef28baf55f9e2752240ab24265728de082f5c16a9b7e8a0
SSDEEP: 12288:naYamkM7gHD3KTfv7w0YGwiYPlyGmEdtI:aYl/7Ea/D
Static task: static1
Behavioral task: behavioral1
Sample: c4033910eaa4944d2c84b15fb964cda9.exe
Resource: win7-20231215-en
Malware Config
Extracted
Family: xloader
Version: 2.3
Campaign ID: cpa3
Decoy/C2 domains (65): the configuration embeds one live C2 among decoy domains that the bot also contacts, and many of the decoys are ordinary registered sites, so a single DNS lookup of one of these names is weak evidence on its own. The campaign ID is what the bot uses as the URI path of its HTTP check-ins (typically "/cpa3/"), which is the more specific network indicator.
hkp.xyz
marcinkwiatkowski.com
celebrityobserver.com
thelotsgroup.com
actusforums.com
cityparcelservice.com
apprig.com
naughtianalove.com
lesitedelanimation.com
taxes1234.com
citieyuan.com
kokonarafile.com
morenatives.com
iredreview.com
oddlywelladjusted.com
wpj.xyz
gofairlane.com
galtoubul.com
custompickem.com
partsandersenstormdoor.com
e-smartlearning.com
belgiummodeling.com
sistemahorpend.com
rivereastsundayfunday.com
sleepessentialoil.com
novacred.online
romunro.club
stocksflip.com
chongqingduteng.com
vivid2020.com
akinaidou.com
digitalerp.net
createwiz.com
brunswickpecanfestival.com
adamperfectroom.com
katsoutdoorsports.com
happy-spineco.com
yqynov.com
thecowleyconsultancy.com
diamondskincareshop.com
hysproperu.com
chartyvillag.com
whatkindofsushi.com
actihire.com
mimik33.com
eussc.net
topratedsellers.net
hongfad.com
inhealthvip.com
takechargeyourcareer.com
blackcatstudio.cool
gokitt-e.com
zalepekaska.xyz
moneytip.xyz
salesoversea.com
bruxfinance.com
iiiicu.com
aceitesmuyesenciales.com
qjz.xyz
kombrewme.com
v2ray.zone
luxurylectro.com
jysslj.com
panoramaits.com
cashflowtoday.net
Targets
Target: c4033910eaa4944d2c84b15fb964cda9 (474KB; hashes as listed under General)
Signatures
Xloader payload
XLoader was identified in the task; the family, version, campaign ID and domain list under Malware Config were extracted from it.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence: samples that read the system's configured country (typically the Nation value under HKCU\Control Panel\International\Geo) commonly refuse to run when it matches an excluded country, so detonation results depend on the sandbox locale. This task ran on win7-20231215-en.
Suspicious use of SetThreadContext
Setting the context of a thread in another process is the hallmark step of process hollowing: the loader starts a process suspended, writes the payload into it, redirects the main thread's entry point with SetThreadContext, and resumes it. On a process's own threads SetThreadContext is benign (debuggers and exception handling use it); the cross-process use is what makes it suspicious, and a memory dump of the resumed child is the natural place to look for the payload.
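The following is an added example, not part of the sandbox report and not the sandbox's own signature logic: it walks an API-call trace and flags the process-hollowing sequence that produces a "Suspicious use of SetThreadContext" hit. The trace is constructed, and its schema is this example's own assumption (one record per call, with handles already resolved to target pids and tids); a real sandbox or EDR trace has its own field names, so map them before use.

```python
"""Flag the create-suspended -> write -> SetThreadContext -> ResumeThread
sequence behind "Suspicious use of SetThreadContext".

Added example, not part of the sandbox report. The trace below is
constructed, and the record schema (pid, api, target_pid/target_tid with
handles already resolved) is an assumption of this example.
"""
CREATE_SUSPENDED = 0x00000004


def call(pid, api, **fields):
    """Build one trace record in this example's normalized schema."""
    return {"pid": pid, "api": api, **fields}


# Constructed trace: loader pid 1000 hollows a suspended child (pid 2000,
# main thread 2001), touches its own thread 1001, and launches a normal child.
TRACE = [
    call(1000, "CreateProcessW", image=r"C:\Windows\explorer.exe",
         flags=CREATE_SUSPENDED, child_pid=2000, child_tid=2001),
    call(1000, "NtUnmapViewOfSection", target_pid=2000),
    call(1000, "VirtualAllocEx", target_pid=2000, size=0x4A000),
    call(1000, "WriteProcessMemory", target_pid=2000, size=0x4A000),
    call(1000, "GetThreadContext", target_tid=2001),
    call(1000, "SetThreadContext", target_tid=2001),
    call(1000, "ResumeThread", target_tid=2001),
    # Benign: the loader sets the context of its own thread (not tracked).
    call(1000, "SetThreadContext", target_tid=1001),
    # Benign: an ordinary, non-suspended child launch.
    call(1000, "CreateProcessW", image=r"C:\Windows\System32\cmd.exe",
         flags=0, child_pid=3000, child_tid=3001),
    call(1000, "ResumeThread", target_tid=3001),
]


def find_hollowing(trace):
    """Return one finding per child that went create-suspended -> write into
    it -> SetThreadContext on its thread -> ResumeThread, in that order and
    all from the creating process. Same-process SetThreadContext is ignored."""
    tracked = {}       # child pid -> state for children created suspended
    thread_owner = {}  # tid -> pid that owns the thread
    for c in trace:
        api, caller = c["api"], c["pid"]
        if api.startswith("CreateProcess"):
            thread_owner[c["child_tid"]] = c["child_pid"]
            if c.get("flags", 0) & CREATE_SUSPENDED:
                tracked[c["child_pid"]] = {
                    "creator": caller, "image": c.get("image"),
                    "unmapped": False, "written": False,
                    "context_set": False, "resumed": False,
                }
            continue
        target = c.get("target_pid") or thread_owner.get(c.get("target_tid"))
        st = tracked.get(target)
        if st is None or caller == target or caller != st["creator"]:
            continue  # not a cross-process action on a suspended child
        if api in ("NtUnmapViewOfSection", "ZwUnmapViewOfSection"):
            st["unmapped"] = True  # classic hollowing; many loaders skip this step
        elif api in ("WriteProcessMemory", "NtWriteVirtualMemory"):
            st["written"] = True
        elif api in ("SetThreadContext", "NtSetContextThread",
                     "Wow64SetThreadContext") and st["written"]:
            st["context_set"] = True  # only counts after something was written
        elif api in ("ResumeThread", "NtResumeThread") and st["context_set"]:
            st["resumed"] = True
    return [dict(child_pid=pid, **st) for pid, st in tracked.items() if st["resumed"]]


if __name__ == "__main__":
    for f in find_hollowing(TRACE):
        print("process hollowing: pid %d -> %s (pid %d), unmapped=%s"
              % (f["creator"], f["image"], f["child_pid"], f["unmapped"]))
```

The order check matters: a SetThreadContext before any write into the child, or a resume without a prior context change, is not counted. Injection variants that hand control over differently (QueueUserAPC, or mapping a section into the child instead of WriteProcessMemory) do not match this sequence and need their own rules.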