General
- Target: 4d44d59167c438427c402149dc11f8ad
- Size: 781KB
- Sample: 240109-egf4maeefp
- MD5: 4d44d59167c438427c402149dc11f8ad
- SHA1: f4ee7a4b2ed54a47eb01ba0f8de8457e0f91bb81
- SHA256: f6d07600ad2883462e18b94c06aabda3a2741fe8179c34d0befacaa4bd62a655
- SHA512: acfcc882883de135e0b803d47abcdc05e53d7b97cc5f7e0d927b9669c7e44f5118a27d08d855a7e2b2b1216bf750dc46614fd9f48c090cd24c7ab50dd5e6f786
- SSDEEP: 12288:jwBe93OmzU2ai6D3h0kaHHMbuG0fEXj8l2hh/khmw0t8:PZai6Dban2zC2hldwh
Static task: static1
Behavioral task: behavioral1
Sample: 4d44d59167c438427c402149dc11f8ad.exe
Resource: win7-20231129-en
Malware Config
Extracted
xloader
2.3
nwru
Targets
- Xloader payload
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of SetThreadContext