General
Target: f0ae0f0feaeb067f30f47c0d7ff7e9d0
Size: 537KB
Sample: 231222-tza3nagbbr
MD5: f0ae0f0feaeb067f30f47c0d7ff7e9d0
SHA1: 960294628e7bb6dfd72fde0c00e7b8dce054a668
SHA256: 8beb84f2c9260feaeda5fdb9b000124a43b226689d90a396fd1ce12d15765017
SHA512: 77ee07450bcf4d2065a0e4de78cc4951a6156d7ae75cd6b7cc14b9dd60eb08823ea4bf3fc055e691daf58ae3cdf7b08102c9d4e5e5f8f1becca94570b9d2bf3e
SSDEEP: 6144:Sbxs+ltPi0ARs8UgUea5+suNaF+PWO94:0sA6d68UgTa5+FE+PWn
Static task: static1
Behavioral task: behavioral1
Sample: f0ae0f0feaeb067f30f47c0d7ff7e9d0.exe
Resource: win7-20231215-en
Malware Config
Extracted
xloader
2.3
vc20
222gu7com-888888gu7app.com
richb.online
lindaplusch.com
polarisjunctionapts.com
vrolin.com
duncanvillebouncehouse.com
coldnationmusic.com
afamegagt.com
mariospizzanewark.com
jinggouwg.com
yourandromeda-es.com
fanuron.com
bestv.xyz
palhh.com
pcsoftwaresdownload.com
courseyblvd.com
jupiterpcrepair.com
tmtiket.com
ojkae.com
netsorrhport.com
carlos-rojo.com
lakshmiphotography.com
blackstorymedia.com
beaplan.com
coimplementosagricolas.com
zhaoxinfeng.xyz
mia-and-coco.com
dalianyulong.com
237177.com
emttrain.com
peptides-direct.com
tomrings.com
hitsredmiqq.net
powerurbano.com
clventure.com
gzjzjg.com
itsbeyondcreativity.com
makeupshopsale.com
svarnmilk.com
vwbuilders.com
personalized.info
cr-vc.com
innovativemultiservice.com
groovvepages.com
ultimutthealth.com
owe.pink
skyvisionstudios.com
dapendotajg.net
learndeskmail.com
mangcapquang.site
gradeaqueens.com
lookingforluvonline.com
svrvisionarymarketing.com
lovesongflower.net
constructorablastim.net
expatautoservices.com
garconladdition.com
3xappointments.com
lunalockshop.com
optimaheatlh.com
corsimicroblanding.com
rendapassivananet.com
id-foto.com
licdesigns.com
portalvipavrasya.net
Targets
Target: f0ae0f0feaeb067f30f47c0d7ff7e9d0
Size: 537KB
MD5: f0ae0f0feaeb067f30f47c0d7ff7e9d0
SHA1: 960294628e7bb6dfd72fde0c00e7b8dce054a668
SHA256: 8beb84f2c9260feaeda5fdb9b000124a43b226689d90a396fd1ce12d15765017
SHA512: 77ee07450bcf4d2065a0e4de78cc4951a6156d7ae75cd6b7cc14b9dd60eb08823ea4bf3fc055e691daf58ae3cdf7b08102c9d4e5e5f8f1becca94570b9d2bf3e
SSDEEP: 6144:Sbxs+ltPi0ARs8UgUea5+suNaF+PWO94:0sA6d68UgTa5+FE+PWn
- Xloader payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext