General
Target: 05a49f5f7a607b0d3bc40d6388c16ba1
Size: 2.2MB
Sample: 231229-2e1ftaebdr
MD5: 05a49f5f7a607b0d3bc40d6388c16ba1
SHA1: f3500ac3052799fd6f148661821433752e85b88d
SHA256: 25c4bfa172cf7cf54c8c359ac9de186584adc6b5d3acd0d48bfe169002f19799
SHA512: 25b6416360d351388dcb646fcb4c79c8d8d7aa34a5db108a4d0879a063df93b42351ebc08010d5f2d96bde19cf495389c780cce1a334861aab0445735c8c1a16
SSDEEP: 24576:sWxtj4a1Zh5BtpahOpDTXfuUAgLMXmglNHMVlTUdKFNgjBwPBOHxWxtj4a1Zh5BA:xzut5XB27gszut5XB27gD
Static task: static1

Behavioral task: behavioral1
Sample: Factura F-40821.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: Factura F-40821.exe
Resource: win10v2004-20231222-en

Behavioral task: behavioral3
Sample: Factura F-40821.exe
Resource: win7-20231215-en
Malware Config
Extracted
Family: xloader
Version: 2.3
Campaign: tyns
Targets

Target: Factura F-40821.exe
Size: 1.1MB
MD5: af2e64375e5e3ad35f0d5c6b773c2732
SHA1: a1d28973ce86c1b6fc1d2268c41cb3d43c890f93
SHA256: d4abcb7a4f3f901cc752a8969253a2ea0870547a52be79b9da905dbc8046a0e1
SHA512: cc17964392e61cee40fbcd951c51333c3caf6c5cff400ad0bf4d935032d6c967fd92bd7c4ff93d89bd009566c065070b0718bd743a9f8211f58c9ff814564fbd
SSDEEP: 24576:Po2A4drxmOPJ7RNewMI/Bf+VCTZ7D/NJKaom:gbaPJtNeyBfNZ7pJKlm
- Xloader payload
- Suspicious use of SetThreadContext
Target: Factura F-40821.exe
Size: 1.1MB
MD5: af2e64375e5e3ad35f0d5c6b773c2732
SHA1: a1d28973ce86c1b6fc1d2268c41cb3d43c890f93
SHA256: d4abcb7a4f3f901cc752a8969253a2ea0870547a52be79b9da905dbc8046a0e1
SHA512: cc17964392e61cee40fbcd951c51333c3caf6c5cff400ad0bf4d935032d6c967fd92bd7c4ff93d89bd009566c065070b0718bd743a9f8211f58c9ff814564fbd
SSDEEP: 24576:Po2A4drxmOPJ7RNewMI/Bf+VCTZ7D/NJKaom:gbaPJtNeyBfNZ7pJKlm
- Xloader payload
- Deletes itself
- Suspicious use of SetThreadContext