General
-
Target
019f94493f60d6cb145b4ce0af61a04c
-
Size
951KB
-
Sample
231229-x4l79sadhj
-
MD5
019f94493f60d6cb145b4ce0af61a04c
-
SHA1
3964f346a9b46b1a00f58d942824624feecb4e21
-
SHA256
b1c0d03ce438a2d22a8b2d3b9133d14cd81d0dc5470df02e174bed586898f8ab
-
SHA512
5a8331d593ddb86ef102a1fa0ce439a50725e943983c56976eae2c6d76d966e9a2ec3391ecfeb27fd7e08e604a5ff6838a21a83a67b47fe18c0bbf133b8e4f25
-
SSDEEP
12288:VxRwxKxO6F84DtPASSVdYiO5GpS4u6C5oWpf0y3k0Vb/AElj8iDxLBYR1p2Z3+XV:GMOqrGSuDfCACUeQ+mgg
Static task
static1
Behavioral task
behavioral1
Sample
019f94493f60d6cb145b4ce0af61a04c.exe
Resource
win7-20231215-en
Malware Config
Extracted
xloader
2.3
n6ce
Targets
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, block-at-first-seen, etc.
-
Xloader payload
-
Suspicious use of SetThreadContext
-