General
-
Target
6c08713366fe48ccb8ba9cd42f0592aafd343a348d86550ca7c776bb5a5a7565.exe
-
Size
437KB
-
Sample
241123-r98qkawrgs
-
MD5
70d090fc55d3b19af4865a0881dd67f2
-
SHA1
c2bba878e06b81efd6b9294fc92a5a9ee227644b
-
SHA256
6c08713366fe48ccb8ba9cd42f0592aafd343a348d86550ca7c776bb5a5a7565
-
SHA512
e3ccdd4dd63f765b65cef898db2a569e62cdcbc218f4ce1464d1578d2bd36494b567bc232f054b1b3cae641b343690d4e5ba26c8d4e0ff7f11bd3b1d2b3270e1
-
SSDEEP
12288:CUi2iN6U0HWV1HGJIHZTrcXvA7Xxz90aiird:CUi1D0K1mGHZTe2XlOaNrd
Static task
static1
Behavioral task
behavioral1
Sample
6c08713366fe48ccb8ba9cd42f0592aafd343a348d86550ca7c776bb5a5a7565.exe
Resource
win7-20241010-en
Malware Config
Extracted
xloader
2.5
p0on
milopcoesbr.com
homestyle.online
cannonceramics.com
allycreditunion.com
findoutturkey.com
wingsboxmalta.com
freedomnflow.com
kwresearchfreelancer.com
filomenafashions.com
lilpil.com
extremevids.biz
suenasa.com
voraspices.com
bex-fit.com
gerontis.net
brighton-holidays.com
ginakferguson.store
newmexicochiletrader.com
klauszeit.com
gsareno.com
courseincomeaccelerator.com
projectdemo.pro
pandrwatch2.store
deb-directory.xyz
fueluplocal.com
anandiapers.xyz
tootieblues.com
mintarix.com
appliancerepairplusllc.com
espotplay.com
containerhousejodhpur.com
thelettingagent.online
camnal88.com
pikimenu.com
h4hijuby5wri.biz
debusute.com
seo-clicks6.com
kqitv.com
silkyskin.one
propcarcondition.com
escuelavascadeparapente.com
ifgravitygenuine.xyz
mrglink.club
mainmassager.com
autoestoria.com
building18candleco.com
thebreadbank.net
pracownia-wnetrz.com
tover.xyz
spaceameseu.xyz
bjshunfei.com
haoyinxing.com
lahorizameen.com
payamefinance.com
shadowboardsglobal.com
nextcara.com
fa4411.com
musiquespoetry.com
globallogisticx.com
lafermemdjs.online
evenonweb.com
spatialpor.xyz
escalarsalud.com
istansw.com
mejoresamateur.com
Targets
-
-
Target
6c08713366fe48ccb8ba9cd42f0592aafd343a348d86550ca7c776bb5a5a7565.exe
-
Size
437KB
-
MD5
70d090fc55d3b19af4865a0881dd67f2
-
SHA1
c2bba878e06b81efd6b9294fc92a5a9ee227644b
-
SHA256
6c08713366fe48ccb8ba9cd42f0592aafd343a348d86550ca7c776bb5a5a7565
-
SHA512
e3ccdd4dd63f765b65cef898db2a569e62cdcbc218f4ce1464d1578d2bd36494b567bc232f054b1b3cae641b343690d4e5ba26c8d4e0ff7f11bd3b1d2b3270e1
-
SSDEEP
12288:CUi2iN6U0HWV1HGJIHZTrcXvA7Xxz90aiird:CUi1D0K1mGHZTe2XlOaNrd
-
Xloader family
-
Xloader payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-