General

Target: payment _doc.exe
Size: 884KB
Sample: 210119-sxgkpyj9qx
MD5: d65c9fe128d2294055cc9b3238e67c07
SHA1: 1495109fc0760f4becd195b790206a0fc00b89ce
SHA256: ad03ca16b05c593894d3cf90ea6ebe56f3ce6dc94dc0675234f357893f3aadfa
SHA512: 60b9fb9c9d159dac7d9a486ebf7dba7387ac45ab184857a0721d59e2a78dc4a4e074b80126d912d4a00351345f564e283ef2bf7630c437147d398a52b4f9fb21

Static task: static1
Behavioral task: behavioral1
Sample: payment _doc.exe
Resource: win7v20201028
Malware Config

Extracted family: formbook
C2 URL (host plus the URI path the bot uses): http://www.bimtracks.com/e3eb/
Domain list (64 entries): Formbook/XLoader sends traffic to decoy domains alongside its live C2, so every entry below is useful for network detection, but not every entry should be assumed attacker-controlled until traffic confirms which hosts respond.
jrgsestates.com
xpress-supplies.com
manniramart.com
2800delaware.com
abeltobaygo.com
audiologiamallorca.com
motormaniaintl.com
millennialluxuryliving.com
wrightrealestates.com
servicesguide.online
ignitejob.com
overdoza.com
deliveringcarsanywhere.com
lojahellomundo.com
245245.xyz
ngdbusa.com
bandarnalo.network
microbekr.com
myflycodes.club
weatherstationpolinema2020.com
allysonroche.com
yankandducks.com
mommynthemiddle.com
anillanyaralo.com
dreamfinn.com
racevx.xyz
tmtbikes.com
nadiyaku.com
aksharaindia.com
3415elmcrest.com
fivefontaire.com
fourdigitalmarketing.com
buyvalencebatteries.com
oilexpress.online
almassagroups.com
subtlehuesmnl.com
keystonemedicalwellness.com
eastindiaclub.media
halseydevelpment.com
visitcamberhill.com
stocktonweeddelivery.com
myapibank.com
medijobsonline.com
ezgamer.xyz
drivewithcaramel.com
made-in-wonderland.com
veritylogisticsllc.com
winnicapolska.com
ferrerasfeliz.com
milkafrias.com
klumio.com
maquettree.com
mymindwine.com
mnmelectronics.com
bet-s.net
careercoachjuan.com
offencebzo.space
yunchuangyoupin.com
azdirtworks.com
manconnectr.services
islamicandotherhittopics.com
habiliurapol.xyz
exm-droneops.one
lemonbrite.com
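The following is an added triage example, not part of the sandbox report. It verifies a file on disk against the hashes listed in General, turns the extracted config (C2 URL plus domain list) into a hostname indicator set, and runs that set over DNS and HTTP proxy log lines. The log formats and the log lines are constructed for the example; only the first entries of the 64-domain list are included to keep the block short, and the rest of the report's list can be pasted into CONFIG_DOMAINS.

```python
"""Triage helpers for the Formbook/XLoader sample in the report above.
Added example: hash verification plus config-driven detection run over
constructed DNS and HTTP proxy log lines (formats and lines are made up)."""
import hashlib
import re
from urllib.parse import urlparse

# Hashes exactly as listed in the report's General section.
REPORT_HASHES = {
    "md5": "d65c9fe128d2294055cc9b3238e67c07",
    "sha1": "1495109fc0760f4becd195b790206a0fc00b89ce",
    "sha256": "ad03ca16b05c593894d3cf90ea6ebe56f3ce6dc94dc0675234f357893f3aadfa",
    "sha512": "60b9fb9c9d159dac7d9a486ebf7dba7387ac45ab184857a0721d59e2a78dc4a4"
              "e074b80126d912d4a00351345f564e283ef2bf7630c437147d398a52b4f9fb21",
}

# Extracted config; only the first entries of the 64-domain list are kept
# here. Paste the remaining entries from the report into CONFIG_DOMAINS.
C2_URL = "http://www.bimtracks.com/e3eb/"
CONFIG_DOMAINS = [
    "jrgsestates.com", "xpress-supplies.com", "manniramart.com",
    "2800delaware.com", "abeltobaygo.com", "audiologiamallorca.com",
]


def report_hashes_well_formed(expected=REPORT_HASHES):
    """Sanity check on the report itself: each digest must be lowercase-able
    hex of the length its algorithm produces (catches truncated copy/paste)."""
    return all(len(d) == hashlib.new(algo).digest_size * 2
               and all(c in "0123456789abcdef" for c in d.lower())
               for algo, d in expected.items())


def verify_hashes(data, expected=REPORT_HASHES):
    """Return {algorithm: True/False} comparing `data` to each listed digest.
    Use open(path, 'rb').read() of a quarantined file as `data`."""
    return {algo: hashlib.new(algo, data).hexdigest() == d.lower()
            for algo, d in expected.items()}


def indicator_set(c2_url=C2_URL, domains=CONFIG_DOMAINS):
    """Lower-case hostnames to watch: the C2 host (with and without a leading
    'www.') plus every config domain. Formbook talks to decoy domains as well
    as its live C2, so all entries help detection even though not all of them
    are attacker-controlled."""
    host = urlparse(c2_url).hostname.lower()
    hosts = {host}
    if host.startswith("www."):
        hosts.add(host[4:])
    hosts.update(d.lower() for d in domains)
    return frozenset(hosts)


def _hits(name, indicators):
    """True if `name` equals an indicator or is a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == i or name.endswith("." + i) for i in indicators)


# Constructed key=value log formats, not a real product's schema.
DNS_RE = re.compile(r"query=(?P<qname>[\w.-]+)")
HTTP_RE = re.compile(r"method=(?P<method>\S+) path=(?P<path>\S+) host=(?P<host>[\w.-]+)")


def scan_dns_log(lines, indicators):
    """Return the queried names that match the indicator set."""
    out = []
    for line in lines:
        m = DNS_RE.search(line)
        if m and _hits(m["qname"], indicators):
            out.append(m["qname"])
    return out


def scan_http_log(lines, indicators, c2_path=urlparse(C2_URL).path):
    """Return (host, path, verdict). 'c2-path' = config domain contacted on
    the URI path from the C2 URL, which the bot reuses across the domains it
    talks to; 'domain-only' and 'path-only' are weaker signals to review."""
    out = []
    for line in lines:
        m = HTTP_RE.search(line)
        if not m:
            continue
        host_hit = _hits(m["host"], indicators)
        path_hit = m["path"].startswith(c2_path)
        if host_hit and path_hit:
            out.append((m["host"], m["path"], "c2-path"))
        elif host_hit:
            out.append((m["host"], m["path"], "domain-only"))
        elif path_hit:
            out.append((m["host"], m["path"], "path-only"))
    return out


# Constructed log lines for a stand-alone run; not captured traffic.
SAMPLE_DNS = [
    "2021-01-19T10:00:01Z client=10.0.0.5 query=www.bimtracks.com type=A",
    "2021-01-19T10:00:02Z client=10.0.0.5 query=jrgsestates.com type=A",
    "2021-01-19T10:00:03Z client=10.0.0.7 query=example.com type=A",
    "2021-01-19T10:00:04Z client=10.0.0.5 query=mail.xpress-supplies.com type=A",
]
SAMPLE_HTTP = [
    "2021-01-19T10:00:05Z src=10.0.0.5 method=GET path=/e3eb/?ab=12 host=www.bimtracks.com",
    "2021-01-19T10:00:06Z src=10.0.0.5 method=POST path=/e3eb/ host=jrgsestates.com",
    "2021-01-19T10:00:07Z src=10.0.0.9 method=GET path=/index.html host=xpress-supplies.com",
    "2021-01-19T10:00:08Z src=10.0.0.9 method=GET path=/e3eb/ host=example.com",
    "2021-01-19T10:00:09Z src=10.0.0.9 method=GET path=/ host=example.org",
]

if __name__ == "__main__":
    iocs = indicator_set()
    print("report hashes well formed:", report_hashes_well_formed())
    print("DNS hits:", scan_dns_log(SAMPLE_DNS, iocs))
    for hit in scan_http_log(SAMPLE_HTTP, iocs):
        print("HTTP hit:", hit)
```

Suffix matching in `_hits` is deliberate: the config lists bare registrable domains, while the bot's requests (and any DNS lookups they trigger) may carry a `www.` or other label in front. The `path-only` verdict is kept low priority because a short path like `/e3eb/` can collide with benign traffic; it is there to surface hosts the extractor did not list, not to page anyone on its own.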
Targets

Target: payment _doc.exe (884KB; hashes as listed under General)

Signatures:
- Xloader Payload (XLoader is the renamed successor of Formbook, so this agrees with the extracted config family)
- Deletes itself (the binary removes its own file after execution, so collect the sample before detonation or from the sandbox, not from the infected host's original path)
- Suspicious use of SetThreadContext (setting another thread's context is a common step in process hollowing and similar injection, and worth correlating with any child process the sample spawns)