General
-
Target
5e14cab7735db2f831e80c7b51254405.zip
-
Size
320KB
-
Sample
240831-bwzyhaxgpb
-
MD5
3112f8c72cae61c2945f995eb87280ce
-
SHA1
a2189b3362cfbf69d67271d55431f0269a105f5a
-
SHA256
96f22574d2fc98125dd79ca3d2eedf5c4dc572423f60be6d9234f7c7938d365b
-
SHA512
92915dd4eac279c14eabf857341ebe2bd076e85ac71032069d84c573be8e1c8174a4086d47bd6ac66b355bee495b63c550a4f24eb6dc685629af0462eafd6ac9
-
SSDEEP
6144:y/lEQ2beIfZ3gi/oWV/OSHt5pihYEOyTeJ2LVnTBqWdwpoXsZuLT6:y//2lZ3noWgSHtngTdhUL+si+
Static task
static1
Behavioral task
behavioral1
Sample
b6c03a67716ee57c51bb9b400fe294f2fdc3e996ec1afdeeb820553796c00c31.exe
Resource
win7-20240704-en
Malware Config
Extracted
xloader
2.5
p0on
milopcoesbr.com
homestyle.online
cannonceramics.com
allycreditunion.com
findoutturkey.com
wingsboxmalta.com
freedomnflow.com
kwresearchfreelancer.com
filomenafashions.com
lilpil.com
extremevids.biz
suenasa.com
voraspices.com
bex-fit.com
gerontis.net
brighton-holidays.com
ginakferguson.store
newmexicochiletrader.com
klauszeit.com
gsareno.com
courseincomeaccelerator.com
projectdemo.pro
pandrwatch2.store
deb-directory.xyz
fueluplocal.com
anandiapers.xyz
tootieblues.com
mintarix.com
appliancerepairplusllc.com
espotplay.com
containerhousejodhpur.com
thelettingagent.online
camnal88.com
pikimenu.com
h4hijuby5wri.biz
debusute.com
seo-clicks6.com
kqitv.com
silkyskin.one
propcarcondition.com
escuelavascadeparapente.com
ifgravitygenuine.xyz
mrglink.club
mainmassager.com
autoestoria.com
building18candleco.com
thebreadbank.net
pracownia-wnetrz.com
tover.xyz
spaceameseu.xyz
bjshunfei.com
haoyinxing.com
lahorizameen.com
payamefinance.com
shadowboardsglobal.com
nextcara.com
fa4411.com
musiquespoetry.com
globallogisticx.com
lafermemdjs.online
evenonweb.com
spatialpor.xyz
escalarsalud.com
istansw.com
mejoresamateur.com
Targets
-
-
Target
b6c03a67716ee57c51bb9b400fe294f2fdc3e996ec1afdeeb820553796c00c31
-
Size
346KB
-
MD5
5e14cab7735db2f831e80c7b51254405
-
SHA1
61957df403a09153c60e1b0789c449fa3786d657
-
SHA256
b6c03a67716ee57c51bb9b400fe294f2fdc3e996ec1afdeeb820553796c00c31
-
SHA512
cde0d5e8d673502eb432e4dbc13115be99ad32631b5f6f78517dc176e01e40a0e9f1950d078359a653ce94e3d1feb77990d7ea5fab107298627e29a389253754
-
SSDEEP
6144:CBFYXmW1WV5kjpzmfxIjdjJ5AuIUvvWkhIFUnLmUjEdPJN6:CsXHEkcGjBXfvvvvYUnNEdPJA
-
Xloader payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-