General
Target: Payment_invoice.zip
Size: 498KB
Sample: 210722-mr97shl92j
MD5: d3564945f7bca84c662520b8417d3b39
SHA1: 62699efe190636d3be8bb8391e4d3a38b150a527
SHA256: a6bd7955c36addf2593f1fd2ec04ea6557db2e1e2af523ca750f5923116994c0
SHA512: e7e823e4e00994adfd400193dfcb70b1807934c1bc3adc70131bd5cbc814e9dc67d216412d3154684f0f876ddb7de5e1c8bdce8caaf430b3e102efc50f8d8e08

Static task: static1
Behavioral task: behavioral1
Sample: Payment_invoice.exe
Resource: win7v20210410

Malware Config
Extracted: xloader 2.3
C2: http://www.illoftapartments.com/uecu/
Targets
Target: Payment_invoice.exe
Size: 886KB
MD5: 6633c63dfbe9126b630fab6db6ef845f
SHA1: 9649c26901a9d0b28393f979df51203bc90ab861
SHA256: 86b93054415c6e4c21fd68ad13fcdbbd9a300c275dfe4f768ffd2fdf42db4694
SHA512: bae5712b4f42ef292617edd44e970dece521cdcc38bf79ebcb7332a2e0a1591f64a71097f49c51557211b2f78a245e46953f4eeb80ffff9a890c191f671f062e

- Xloader Payload
- Blocklisted process makes network request
- Suspicious use of SetThreadContext