General

Target: ca19432da459c894d6886030b078a5a132fa244aaaff0433f95bf888b586530d
Size: 325KB
Sample: 241121-zh2ryaxmgs
MD5: 664610b26d7994dc40f6d81955a7ecc7
SHA1: ad208933d31f9513e7230011000f25f4f596c455
SHA256: ca19432da459c894d6886030b078a5a132fa244aaaff0433f95bf888b586530d
SHA512: 71597b0716c52cda65d9bfc5efbd5c552dcdf939f2aa65c675b9d490d215860dd3c4b9f13b2a52140f63b1a3ee06b7801136603ee17e08d77f3b1c2c6fe31058
SSDEEP: 6144:dIpaDOa+BHJFdktMxSdv8p6cfQ2Uj9REwBvhYKHp6jsD:+pad+BHiczxYH37ZY8uK
Static task: static1

Behavioral task: behavioral1
Sample: 3824f68042b243ff952a0184baaca8ede5c254821a8ec8e8be9fa86224ddbc55.exe
Resource: win7-20241010-en

Behavioral task: behavioral2
Sample: 3824f68042b243ff952a0184baaca8ede5c254821a8ec8e8be9fa86224ddbc55.exe
Resource: win10v2004-20241007-en

Behavioral task: behavioral3
Sample: kczbgk.exe
Resource: win7-20240903-en

Behavioral task: behavioral4
Sample: kczbgk.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted family: xloader
Version: 2.5
Campaign ID: nqs9
Domains:
lgingood.com
shopgeti.com
christianuomo.com
sportsxuk.com
markidesignstore.com
tjhuoliao.com
docomobb.xyz
ilrespirodelmare.com
kfconline.rest
paramusrepair.com
w3zand.com
unguamtruppe.quest
bethesdagardensloveland.net
bostonstretchlimousine.com
yycsmj.net
creatorgela.com
bestalcoholfreebeer.com
jorgeforfr.com
dlzxd.com
rajaranicoupon.xyz
marnannyc.com
bettersalud.info
xn----etbdbfqj8aat.xn--p1acf
brandsagency.net
tradequy.net
farmaciacentral.online
portaal140.top
solacebooks.online
theroastercoaster.com
vanityandsanity.store
thediscoverytrail.com
comunidadpatriota.com
simplyall.xyz
db-propertygroup.com
mgav37.xyz
dwight.store
prosperityurgentcare.us
realbrother.net
shineshaft.website
just4beauty.store
zoosmash.com
paneiro.net
splitattherootfilm.com
waytokeiomed.com
allaroundlandscapingllc.com
pageants.xyz
amenosu.com
karamrentacar.com
dfgroup.tech
valdicolor.com
nu9gayde.xyz
bookfling.store
trimcatch.com
serbersa.com
richmondcambiemedicalclinic.com
claritydesignz.com
finlandfive.xyz
hgs777.com
mjfashionnz.com
pragunananda.com
donbicicleta.com
executeonpurpose.com
proteamstaxconsultancy.com
zmduk.com
thietketrantam.art
Targets

Target: 3824f68042b243ff952a0184baaca8ede5c254821a8ec8e8be9fa86224ddbc55
Size: 337KB
MD5: 1e9e125ed34109f2c640b25538185cac
SHA1: 89faa5b5789eb1633ca74ee15d34c16c0b0cf174
SHA256: 3824f68042b243ff952a0184baaca8ede5c254821a8ec8e8be9fa86224ddbc55
SHA512: b5a98b361d7006b12570b15ef28d5fdc41f274db6e95e9eea7ec6f08736676b630ad2bb0347aecb7bca9433a5f31eafa6f3bd72dd504ec4ec61dc01e06d0c1ee
SSDEEP: 6144:rGiPGY4OddUWhpyRJ5Q/cd78kxpAX1F1NIyEA29o7EJYUlhZIzPW:yY4Opyb5Q/cV8kxGX1FMaFEJVpcW
Signatures:
- Xloader family
- Xloader payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext

Target: kczbgk.exe
Size: 177KB
MD5: 0bf3e785b6a7a0c1ae07417cbf290121
SHA1: 5cf19f555dc7ed6eefa74285e95ca7b396855793
SHA256: bd0b5a7be527aa878536fa7f40dcff283a51a7138109efaf2a44440b235a0ab5
SHA512: d83ab29b90b2f07d8125d5452a113ab43dffd88a423003e0a53d5937549ef7d04b4e994a8b2520637651d46080c98c8a3bea2916c1dccb42f6f97cf966ce81cb
SSDEEP: 3072:AtM7C70nMyTBIMzeY4og8T/BOvRNPDE+FvnqMsYFhFiScRC:AnSMaBpeY4x8T5KDDE+FSMsaZp
Score: 3/10