General
- Target: Payment_invoice.exe
- Size: 638KB
- Sample: 210727-prwql9j77a
- MD5: 29645cb14447ff578aaa9dc4243f11e6
- SHA1: cae1f1cfae48a35897e6c64b4f5b3de807af9aa4
- SHA256: 08893f139b09f2dc17635f17baf1f34d2fdf730ea44a41ba54b914ffc024f0c9
- SHA512: 36bbcc580af0e2b33bfd351fa4693ed40ee9485d099767612e8d45c6e0643f28f3b39915a56f98529c9ad8a4e16dd6888144e6ba9e6ccd7e3a765c27294e01cf
Static task: static1
Behavioral task: behavioral1
- Sample: Payment_invoice.exe
- Resource: win7v20210410
Malware Config
Extracted: xloader 2.3
http://www.illoftapartments.com/uecu/
Targets
- Target: Payment_invoice.exe
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Suspicious use of SetThreadContext