General
-
Target
af02104b5d055208c0004ed98897a8a0
-
Size
628KB
-
Sample
231227-m9zensehdl
-
MD5
af02104b5d055208c0004ed98897a8a0
-
SHA1
751fd909f007a4389770deff024627c49d78928c
-
SHA256
61496a330e7add2b8cbefd01c57ea47770335a9a8cf648053be4039f4b0be6fb
-
SHA512
57ec7c0e74a45419d4c14fc7cb358324f82756c40026c09f0d23a27a73d69de0fd5e8b349bd6f6d0a431e2b29f558d0a39872a08915e96c6b16174abb33bc65a
-
SSDEEP
12288:YBoT7Sgxyoy5u0MpQhBw68/iaAjzQ1eYk+0EChbV8wn27mo5oFCEkv:wyJQous6BA7mo5oFCEkv
Static task
static1
Behavioral task
behavioral1
Sample
af02104b5d055208c0004ed98897a8a0.exe
Resource
win7-20231215-en
Malware Config
Extracted
xloader
2.3
t53x
Targets
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Xloader payload
-
Suspicious use of SetThreadContext
-