General

Target: f7d5f8b4ddd56036981b828611a75f83
Size: 1.1MB
Sample: 231222-varvjsacbr
MD5: f7d5f8b4ddd56036981b828611a75f83
SHA1: 5c1f47b8637aa157c2ad15d9f713b119359fd217
SHA256: 4cfbe6aa94bf76cb52f9a3b89c687f48908cfdd0fe0bd791c70e5b9790b71c8b
SHA512: 0898b974e32e9ad55f8fb2659c5187f28addeb659cb90912a9488825ab8d3444e25c932eace6662a5ea470bdfd1fc02848478fc435bf3bdd47d69985ae8589af
SSDEEP: 24576:ncYOnMZe/oeLjLZ4A6DRxsc9KWrhgZdGR4:nbOnM0AAjLZlCCRlf
Static task: static1

Behavioral task: behavioral1
  Sample: f7d5f8b4ddd56036981b828611a75f83.exe
  Resource: win7-20231129-en

Behavioral task: behavioral2
  Sample: f7d5f8b4ddd56036981b828611a75f83.exe
  Resource: win10v2004-20231215-en
Malware Config

Extracted family: xloader
Version: 2.3
Campaign: b0ar
Targets
Target: f7d5f8b4ddd56036981b828611a75f83
Size: 1.1MB
MD5 / SHA1 / SHA256 / SHA512 / SSDEEP: identical to the values listed under General above.
Score: 10/10

- Xloader payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext