General
Target: PaymentAdvice.exe
Size: 388KB
Sample: 210408-855sx83vjn
MD5: 6f7b859f349e73f24ddffa5bf11bbe27
SHA1: 87e76a368434c54cc4904ea4219e14c25f9ba7e6
SHA256: f45a023c86d834183f3073c05227d6f40686aef4a71b3893b823be493d7aae83
SHA512: 8b2a3d9360c358358ae7750df53d5072aad39d27ca87d2ed14908c65acdca66070b7bb379c2950008f03b03ccc1dbd9a6d0836934c508283fcf55cde4e5c1f5b
Static task: static1
Behavioral task: behavioral1
Sample: PaymentAdvice.exe
Resource: win7v20201028
Malware Config
Extracted: xloader, version 2.3
URL: http://www.saturnkorp.net/c22b/
Targets
Target: PaymentAdvice.exe
Signatures:
- Xloader Payload
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext