General
Target: Payment_receipt-jpg.exe
Size: 205KB
Sample: 210226-5jwyhp73ve
MD5: ff3e0ab57af118dc198c22762d82a853
SHA1: 7f6cc3851f4e778abad04e910849d81321b3112b
SHA256: a557dd45c97fa26c318728d77a46ea6b69afba06d1cbdc00975fe27492c5f17a
SHA512: 5f18d775b0357ada24682d52f61c558db585aa8e0a1ee65cde4292ea60835e718c0bcc8daad2f264ba39cfae068aca01b4b5092a9508a6f6b1822926892576e0
Static task: static1
Behavioral task: behavioral1
Sample: Payment_receipt-jpg.exe
Resource: win7v20201028
Malware Config
Extracted: formbook
Targets
Target: Payment_receipt-jpg.exe
Size: 205KB
- Xloader Payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext