General
-
Target
568af775c70dc6789e84a95a7b9cbd0b
-
Size
502KB
-
Sample
240112-qcwjasgebj
-
MD5
568af775c70dc6789e84a95a7b9cbd0b
-
SHA1
87458784e0b2a171dbef7b5c94c85a5d94596cdf
-
SHA256
ecbd46c265b67d75964db9233ccd1f26710d56ab7f649845e44f59d55db4251b
-
SHA512
91d9683cd6d1bbfad866edc74c84572cd1e22b85c378137faa3ded17add5647756970ec797668629bbb8e16433a200b5d0dee8ce5e8e1bd51630fd742923cdd4
-
SSDEEP
12288:2+UOMuJLk2Nv9WChRRoYccN+5mVvBG15vckXBWf4mY2im1O:+OMmLk27ROBmVvg7c
Static task
static1
Behavioral task
behavioral1
Sample
568af775c70dc6789e84a95a7b9cbd0b.exe
Resource
win7-20231215-en
Malware Config
Extracted
xloader
2.3
bp39
Targets
-
-
Target
568af775c70dc6789e84a95a7b9cbd0b
-
Xloader payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-