General
-
Target
041eaef6df8d4af62ab1878c56017341
-
Size
294KB
-
Sample
231229-z11btsbdep
-
MD5
041eaef6df8d4af62ab1878c56017341
-
SHA1
b210fdf3b9f4f0c14dba7e8ef37590aae847f034
-
SHA256
3372e8d057ffff2279f0f1ce2da85d973c3892cd96d8a3fc7d8d6e51f9e6d4b2
-
SHA512
a16487aa38f6bc6a2d65063372b50058e4bdb9b8d46201909052111c1f4a979d4dfc67f054a8c32d46475d813ac22b3fccdda600dd8c401a276792a68748d6f6
-
SSDEEP
6144:QoCCqYPiZZXJoat7/vu6G3iXE0wJEdsvytIDPVX:XqXZXJn7/v5GiE0cEdsacJ
Static task
static1
Behavioral task
behavioral1
Sample
VSL_MV HARMONY.exe
Resource
win7-20231215-en
Malware Config
Extracted
xloader
2.3
smd0
Targets
-
Target
VSL_MV HARMONY.exe
-
Size
228KB
-
MD5
9a946c41ee6fe3c70bf0075e5082a8d1
-
SHA1
843e067511458f238a9fc1e5cfc35c5539d1ae87
-
SHA256
813f8d8c97adcb2b57b170bef87008e4fcfa904b5cc6df0486b5be1885abfbee
-
SHA512
f7e664b059ab3f42fe6630987eae4e4b24cc291f6eebf0dc27e992ade23caaaddd6437769af4a1b2c5c1821f0623e9336d5c269302ba1adb0255ca51bbddb976
-
SSDEEP
3072:s9UDX43CvFzVRNQ4/UutqrQAKJgMXmIY7tRy2oSxuNn+Q24QEdTvSexNgPeEIuTe:suDoufQKnmjzoxhOKiPp/q+GgTuV
-
Xloader payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-