General
-
Target
ae60fb877b44fb7cae71fb5f57207aa0
-
Size
851KB
-
Sample
240229-nccp3sfb7s
-
MD5
ae60fb877b44fb7cae71fb5f57207aa0
-
SHA1
7b3e167a838b09e52af62ba99c0702a150ea6f94
-
SHA256
f5f438857e1d75cd3a0c7c8d8fde494ec31705db16f19e3d026d9f09e503fbf5
-
SHA512
489df49eb64880e4990c0a679502fabf7ee1637bf2fe92ce8a3f1e10891b0ff56ac95775194d749d385150947fda47a76780bb577f52f1c3831062159a7e6570
-
SSDEEP
24576:ioR6qgmswwE1p80qdg1+81OM8fEj1zUgSLFWPZy2:hsKbY0qds+sOI1IguFuy
Static task
static1
Behavioral task
behavioral1
Sample
ae60fb877b44fb7cae71fb5f57207aa0.exe
Resource
win7-20240221-en
Malware Config
Extracted
xloader
2.3
n8ba
thefitflect.com
anytourist.com
blggz.xyz
ascope.club
obyeboss.com
braun-mathematik.online
mtsnurulislamsby.com
jwpropertiestn.com
animalds.com
cunerier.com
sillysocklife.com
shopliyonamaaghin.net
theredcymbalsco.com
lostbikeproject.com
ryggoqlmga.club
realestatetriggers.com
luvlauricephotography.com
cheesehome.cloud
5fashionfix.net
wata-6-rwem.net
ominvestment.net
rrinuwsq643do2.xyz
teamtacozzzz.com
newjerseyreosales.com
theresahovo.com
wowmovies.today
77k6tgikpbs39.net
americagoldenwheels.com
digitaladbasket.com
gcagame.com
arielatkins.net
2020coaches.com
effthisshit.com
nycabl.com
fbvanminh.com
lovebirdsgifts.com
anxietyxpill.com
recaptcha-lnc.com
aprendelspr.com
expatinsur.com
backtothesimplethings.com
pcf-it.services
wintonplaceoh.com
designermotherhood.com
naamt.com
lifestylebykendra.com
thehighstatusemporium.com
oneninelacrosse.com
mariasmoworldwide.com
kitesurf-piraten.net
atelierbond.com
mynjelderlaw.com
moucopia.com
hauhome.club
imroundtable.com
thralink.com
baoequities.com
nassy.cloud
goldenstatelabradoodles.com
revenueremedyintensive.com
dfendglobal.com
pugliaandgastronomy.com
cypios.net
trinioware.com
narrowpathwc.com
Targets
-
-
Target
ae60fb877b44fb7cae71fb5f57207aa0
-
Size
851KB
-
MD5
ae60fb877b44fb7cae71fb5f57207aa0
-
SHA1
7b3e167a838b09e52af62ba99c0702a150ea6f94
-
SHA256
f5f438857e1d75cd3a0c7c8d8fde494ec31705db16f19e3d026d9f09e503fbf5
-
SHA512
489df49eb64880e4990c0a679502fabf7ee1637bf2fe92ce8a3f1e10891b0ff56ac95775194d749d385150947fda47a76780bb577f52f1c3831062159a7e6570
-
SSDEEP
24576:ioR6qgmswwE1p80qdg1+81OM8fEj1zUgSLFWPZy2:hsKbY0qds+sOI1IguFuy
-
Xloader payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-