General
- Target: Remittance Advice pdf.exe
- Size: 753KB
- Sample: 210503-y6zx955gsx
- MD5: f597d74f90311fa86a708b211892d76f
- SHA1: 2d8f68efc677df2b2958e5631bffaf610a5661ab
- SHA256: 84d44657f148197e79e253ab0b50cdd8003e2b760318f9ab760b47fe4e25a594
- SHA512: f541bfd4e0a0566002bd1e18d5b43d20a2452099e23e2f0f5e64202e2bad1317bb3aa51eca005908314bb49eee6074b8ae09c58006ec1c134c7b218a5e6f312e
Static task: static1
Behavioral task: behavioral1
- Sample: Remittance Advice pdf.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: Remittance Advice pdf.exe
- Resource: win10v20210410
Malware Config
Extracted: xloader 2.1
- http://www.brandonprattdrums.com/nt8e/
Targets
- Target: Remittance Advice pdf.exe
Score: 10/10
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Xloader Payload
- Adds policy Run key to start application
- Adds Run key to start application
- Suspicious use of SetThreadContext