General
-
Target
Payment Confirmation.zip
-
Size
649KB
-
Sample
210818-amff7xpkl6
-
MD5
8639997fe4cee3a590cf542a44812e9d
-
SHA1
e83afc7890a541a5d88b5b0d6ff553e4f0cc877f
-
SHA256
92d6672e0e1cded3710dea633a3689a678a7e01e97b01e6029ce406b15d70a04
-
SHA512
69b5f8c760f085d515a42e701902efb671c90af6d8dcc6df112d0a631ca727d7ab585b23abb9ddb93733cee68b7d59d81b32c710da272d14078fd6bcf9bf6a47
Static task
static1
Behavioral task
behavioral1
Sample
Payment Confirmation.exe
Resource
win7v20210408
Malware Config
Extracted
xloader
2.3
ubqk
http://www.fireescapebk.com/ubqk/
thewanderers.info
nowthinasten.com
salesnewage.com
fzgjx.club
transformationcamp.net
thewaltongroup30a.com
bitdoubler.info
elveronac.com
tabupolitico.com
thecureisweed.com
collegesupermatch.com
bbluedotpanowd.com
joakimrexperience.com
philorise.com
beelippy.com
glitchedcode.com
northwoodsremodeling.com
healrrr.com
precisadiagnostics.com
1crude.com
rbwfitness.com
corretoreduardo.online
qmcp00099.com
djangow.com
fufumail.com
tytywh.com
justadmirers.com
airodynamiks.com
galaxyinsurancequotes.com
lotis.group
mattarelloly.xyz
captain-earth.com
toughmatic.com
coffeelicious247.com
anchorbaymotors.com
ilovepretoria.com
nizacarssuppliers.com
defieloan.com
logansportfinance.com
lowlands-league.com
beautifulyoucardsandgifts.com
windlandseastseniorliving.com
bopocoko.com
tommystic.com
drsapfa.com
picksay.space
psd4arb.com
micomputador.com
moytown.com
ameriwhiz.com
field-trk-zone.com
accinf04.com
ecsoiam.com
tumblewedia.com
boxhubliving.com
mauritiuscoin.com
blun33.com
grollere.pro
ittasteslikecheating.com
stylishsweatpants.com
liubangpay.com
aoc20.com
pgatkur.com
simplio.global
Targets
-
-
Target
Payment Confirmation.exe
-
Size
867KB
-
MD5
fbc0a38898145f58ec52b75a6a0d4f58
-
SHA1
0e1b7baa19c708aada04ebe148575996eb5ee7cb
-
SHA256
7e99dc28bcc8be32fb1477bc6b67da52d67195e1e9ebc9612118a9e180675af7
-
SHA512
19dc73d78176cae92fa3e6223107a965e72cd54b26ce69cb47b4bc696e67afae4d9a35a927cd75d7df583bf062b5fa129c7d49bf3e565e26167633c91085107a
-
Xloader Payload
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Deletes itself
-
Suspicious use of SetThreadContext
-