General

Target: b541f6972e9401c1d339ee834624964f
Size: 306KB
Sample: 231227-tdkpzahfar
MD5: b541f6972e9401c1d339ee834624964f
SHA1: e3fa558950572781b9e5c0cf90ab2f33bfe1f6ba
SHA256: f538cb4adcbb1a2e38c8dfc39eeac67fdfa5d2a4c5481b694a56d5419de0d13b
SHA512: 07c4d392c63599db9e0a6c54d8dd524d8a81b545e8d653a77b31d6854f269e36ce5c1f02506fabbab10062abed953bebbbdc938f1028d9353d9215b16433c4cd
SSDEEP: 6144:AkPdLOh96y/zSH3oPRXKfdCOypaQwSrivjLvHWqTs8:AkdCh9Fi3UJKMfDwKivHWqw8

Static task: static1

Behavioral task: behavioral1
Sample: USD 9 938 04.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: USD 9 938 04.exe
Resource: win10v2004-20231215-en

Malware Config
Extracted
xloader
2.3
n1gb

Targets

Target: USD 9 938 04.exe
Size: 253KB
MD5: d6f5d8daa9c4f1eb811f917cb36e3ae8
SHA1: 376fe067529472be82e9ad8021723c324c9147b2
SHA256: 1e84489998e9058c4f93028b83f2f4cc1655548ef6160cb42c469b9714de6271
SHA512: aefd7b64944efad0bf5e01c87ec057df88a9826b54b097e9aa79e923e6b136aef8f439f9ac5f697465f806a04678690103cc6ab5cfc0a6fd6d731b1c60d5be6b
SSDEEP: 6144:hd53TvpHeIl0CAIJVlFMhoP1RGoS5u9goIO+tdANvSRq4KfMn7etE9it:hd53TvpHeIl0CAIR9675QgodqdANfU7g

Xloader payload
Deletes itself
Suspicious use of SetThreadContext