General
Target: 827aef504e43c4ce730445746334cd50
Size: 825KB
Sample: 240130-vlg5gsbcep
MD5: 827aef504e43c4ce730445746334cd50
SHA1: fd63e75f05627b7e56a692fdadf424076cf494f2
SHA256: b503149e8dd7788175bf26b671aaa1a74120fc7e729ee943aae8d6005607bf29
SHA512: 3d78a9c1a4c24b2a42a2ad0d2ae641e6539c5d538aeb1367979baf71b975921ecba318e390345bf26db3cee514a5864f0485ccdebb6fc34f783af37856083493
SSDEEP: 12288:w+CK4H5nlb8uYhkOH7DuG0fEXj8l2hh/khDweCje:Z8Zlb853NzC2hlwwrje
Static task: static1
Behavioral task: behavioral1
Sample: 827aef504e43c4ce730445746334cd50.exe
Resource: win7-20231215-en
Malware Config
Extracted: xloader
Version: 2.3
Campaign ID: nwru
C2 domains (Xloader, like Formbook before it, embeds one live C2 among a long list of decoy domains, and the extractor does not mark which entry is live; treat every entry as a candidate indicator until traffic to it is actually observed):
zjkhyo.com
mogreener.com
galanpresente.com
anthologistliving.com
jfl-info.net
cascobaycuttlerly.com
nefertityeg.com
greatescapefurniture.com
primulashop.com
xn--cittinrete-k4a.com
drugstoire.com
kefaloniabride.com
viralgenstudents.com
makerwl.com
rubyweed.com
badenio.com
smartcontracttraders.com
lcscards-veilig.icu
qf553.com
dnhsxm.com
hellonikitashetty.com
hblkeys.com
ka1288.com
gemzstore.com
petersgarages.com
daria-s-secrets.com
perteprampram10.com
destinedtofail.net
kathuku.com
7ssas.com
delta5.pro
delladonne.com
geraldinegosse.club
ethereumpays.com
lange-creative.com
allthingsbridal.net
thehacking.net
spanishoakscirclehome.com
mobiletech.systems
cruisingthrough.com
mraskinglowid.com
docs-nurses-caps.com
testxyy.xyz
rugbycubzni.com
001block.com
xn--639a399bi5af5p.com
arlingtonhvaccontractor.net
kuppers.info
newenglandcookbooks.com
lakilive.com
baetalks.com
yx0510.com
binggodz.com
wuxkfowev.icu
epicfxtrading.com
solfa.tech
cheapestwithheart.net
jadedene.com
pd1lws7k-666.com
oggstaxidermy.com
circulatetheapp.net
ahjjbxg.com
corona-entschuldung.com
ewfulfilment.com
tyrantthemes.com
Targets
Target: 827aef504e43c4ce730445746334cd50 (825KB; same MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures:
Xloader payload
Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation. Agile.Net protects .NET assemblies while the Xloader core is native code, so the obfuscated .NET layer is most likely a loader/crypter that unpacks the Xloader payload at runtime rather than the payload itself.
Suspicious use of SetThreadContext: calling SetThreadContext on a thread that is still suspended (typically after CreateProcess with CREATE_SUSPENDED and WriteProcessMemory, and before ResumeThread) is the classic way a loader redirects execution into injected code. It fits the unpacking step above and marks the point at which a memory dump of the decrypted payload is worth taking.
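The following is an added example, not part of the report or of any sandbox vendor's code. It parses the flattened key/value layout used on this page into validated indicators: hashes are checked for length and hex content (a copy-damaged digest is a useless IOC), every entry of the extracted config is checked to be a hostname, the punycode (xn--) domains are decoded for analyst display while the ASCII form is kept for blocking, and a de-duplicated blocklist is emitted. The input is a constructed excerpt of this page's text carrying the real hashes but only four of the 65 configured domains; the field order it assumes (family, version, campaign ID, then one domain per line) is the one shown above.

```python
"""Parse a flattened sandbox report (the layout on this page) into validated IOCs.
Added example, not the report's or any vendor's code. Assumed layout: a key line
followed by its value line, '-' separators, and a 'Malware Config' block laid out
as family / version / campaign ID / one C2 domain per line."""
import json
import re
from typing import Any, Dict, List

# Constructed excerpt of this page's report: real hashes, four of the 65 domains.
REPORT_TEXT = """General
-
Target
827aef504e43c4ce730445746334cd50
Size
825KB
MD5
827aef504e43c4ce730445746334cd50
SHA256
b503149e8dd7788175bf26b671aaa1a74120fc7e729ee943aae8d6005607bf29
Malware Config
Extracted
xloader
2.3
nwru
zjkhyo.com
mogreener.com
xn--cittinrete-k4a.com
lcscards-veilig.icu
Targets
"""

SECTION_HEADERS = {"General", "Malware Config", "Targets"}
VALUE_KEYS = {"Target", "Size", "Sample", "MD5", "SHA1", "SHA256", "SHA512",
              "SSDEEP", "Static task", "Behavioral task", "Resource"}
HASH_HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Lower-cased hostname: LDH labels of 1-63 chars and an alphabetic TLD.
DOMAIN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def validate_hash(kind: str, value: str) -> str:
    """Reject truncated or non-hex digests instead of shipping a broken IOC."""
    value = value.strip().lower()
    if len(value) != HASH_HEX_LEN[kind] or not re.fullmatch(r"[0-9a-f]+", value):
        raise ValueError(f"malformed {kind}: {value!r}")
    return value


def idn_to_unicode(domain: str) -> str:
    """Decode punycode (xn--) labels for display; the ASCII form is what gets blocked."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # undecodable label: keep the ASCII form, do not guess


def parse_report(text: str) -> Dict[str, Any]:
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    report: Dict[str, Any] = {"hashes": {}, "fields": {}, "config": None}
    i = 0
    while i < len(lines):
        line = lines[i]
        if line == "Malware Config":
            if len(lines) < i + 5 or lines[i + 1] != "Extracted":
                raise ValueError("unexpected Malware Config layout")
            family, version, campaign = lines[i + 2:i + 5]
            i += 5
            domains: List[str] = []
            while i < len(lines) and lines[i] not in SECTION_HEADERS | VALUE_KEYS:
                d = lines[i].lower()
                if not DOMAIN_RE.match(d):
                    raise ValueError(f"config entry is not a hostname: {lines[i]!r}")
                domains.append(d)
                i += 1
            report["config"] = {
                "family": family, "version": version, "campaign_id": campaign,
                "c2_candidates": [{"ascii": d, "unicode": idn_to_unicode(d)} for d in domains],
            }
        elif line in VALUE_KEYS and i + 1 < len(lines):
            value = lines[i + 1]
            if line in HASH_HEX_LEN:
                report["hashes"][line.lower()] = validate_hash(line, value)
            else:
                report["fields"].setdefault(line, value)  # Targets repeats General; keep the first
            i += 2
        else:
            i += 1  # section header or unrecognised line
    return report


def blocklist(report: Dict[str, Any]) -> List[str]:
    """Sorted, de-duplicated ASCII hostnames for a DNS RPZ or firewall feed.
    Every entry is a candidate: Xloader configs mix one live C2 with decoys."""
    cfg = report["config"] or {"c2_candidates": []}
    return sorted({c["ascii"] for c in cfg["c2_candidates"]})


if __name__ == "__main__":
    parsed = parse_report(REPORT_TEXT)
    print(json.dumps(parsed, indent=2, ensure_ascii=False))
    print("\n".join(blocklist(parsed)))
```

Run it as a script to get the structured JSON followed by the blocklist. The "unicode" field is there so an analyst can recognise what a victim would have seen (the page's xn--cittinrete-k4a.com decodes to an Italian IDN), but only the "ascii" field is meant for enforcement, since resolvers and firewalls match on the ACE form.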